The file mode is 400, and I think anyuid breaks reading it since the user changes.https://github.com/openshift/
openshift-ansible/blob/master/ roles/openshift_web_console/ files/console-template.yaml# L90The console doesn't need anyuid... I'm not sure what's adding it.SamOn Thu, May 17, 2018 at 9:03 AM, Clayton Coleman <ccoleman redhat com> wrote:anyuid is less restrictive than restricted, unless you customized restricted. Did youvustomize restricted?
On May 17, 2018, at 8:56 AM, Charles Moulliard <cmoullia redhat com> wrote:Hi,If we scale down/up the Replication Set of the OpenShift Web Console, then the new pod created will crash and report"Error: unable to load server certificate: open /var/serving-cert/tls.crt: permission denied"This problem comes from the fact that when the pod is recreated, then the scc annotation is set to anyuid instead of restricted and then the pod can't access the certapiVersion: v1kind: Podmetadata:annotations:openshift.io/scc: anyuidIs this bug been fixed for openshift 3.9 ? Is there a workaround to resolve it otherwise we can't access anymore the Web Console ?