[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: OpenShift Web Console - 3.9 - Pod / CrashLoopBackOff



Even if I add the webconsole ServiceAccount to scc anyuid, pod fails to start 

https://gist.github.com/cmoulliard/f05b9bc762cbab9993087b1a44aa1331



On Thu, May 17, 2018 at 7:42 PM, Charles Moulliard <cmoullia redhat com> wrote:
Do you want that I create a ticket to report the error which is really blocking/critical ?

On Thu, May 17, 2018 at 5:20 PM, Charles Moulliard <cmoullia redhat com> wrote:
Personaly no. Fyi web console was installed using Openshift ansible playbook

On Thu, May 17, 2018, 15:03 Clayton Coleman <ccoleman redhat com> wrote:
anyuid is less restrictive than restricted, unless you customized restricted.  Did youvustomize restricted?

On May 17, 2018, at 8:56 AM, Charles Moulliard <cmoullia redhat com> wrote:

Hi,

If we scale down/up the Replication Set of the OpenShift Web Console, then the new pod created will crash and report

"Error: unable to load server certificate: open /var/serving-cert/tls.crt: permission denied"

This problem comes from the fact that when the pod is recreated, then the scc annotation is set to anyuid instead of restricted and then the pod can't access the cert

apiVersion: v1
kind: Pod
metadata:
  annotations:
    openshift.io/scc: anyuid

Is this bug been fixed for openshift 3.9 ? Is there a workaround to resolve it otherwise we can't access anymore the Web Console ?

Regards

CHARLES MOULLIARD

SOFTWARE ENGINEER MANAGER SPRING(BOOT)

Red Hat

cmoulliard redhat com    M: +32-473-604014    

_______________________________________________
dev mailing list
dev lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]