[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: OpenShift Web Console - 3.9 - Pod / CrashLoopBackOff



The file mode is 400, and I think anyuid breaks reading it since the user changes.

https://github.com/openshift/openshift-ansible/blob/master/roles/openshift_web_console/files/console-template.yaml#L90

The console doesn't need anyuid... I'm not sure what's adding it.

Sam

On Thu, May 17, 2018 at 9:03 AM, Clayton Coleman <ccoleman redhat com> wrote:
anyuid is less restrictive than restricted, unless you customized restricted.  Did youvustomize restricted?

On May 17, 2018, at 8:56 AM, Charles Moulliard <cmoullia redhat com> wrote:

Hi,

If we scale down/up the Replication Set of the OpenShift Web Console, then the new pod created will crash and report

"Error: unable to load server certificate: open /var/serving-cert/tls.crt: permission denied"

This problem comes from the fact that when the pod is recreated, then the scc annotation is set to anyuid instead of restricted and then the pod can't access the cert

apiVersion: v1
kind: Pod
metadata:
  annotations:
    openshift.io/scc: anyuid

Is this bug been fixed for openshift 3.9 ? Is there a workaround to resolve it otherwise we can't access anymore the Web Console ?

Regards

CHARLES MOULLIARD

SOFTWARE ENGINEER MANAGER SPRING(BOOT)

Red Hat

cmoulliard redhat com    M: +32-473-604014    

_______________________________________________
dev mailing list
dev lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

_______________________________________________
dev mailing list
dev lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]