[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Cannot start pod from template



I am still gettting same message.

I don't want to use service account - I am using account "david" which has been added to privileged scc previously.
I've also gave policy hostaccess to this account.

I need to start my pods with mounted socket from Node. It works when I create Pod from pod definition pod.yaml:

apiVersion: v1
kind: Pod
metadata:
  name: david 
  labels:
    name: david
spec:
  containers:
  #- image: davidstrejc/test2 
  - image: davidstrejc/test2
    name: david 
    volumeMounts:
    - mountPath: /var/lib/mysql/mysql.sock
      name: test-volume
    ports:
    - containerPort: 80
  volumes:
  - name: test-volume
    hostPath:
      path: /var/lib/mysql/mysql.sock
  selector:
    name: david


But when I use template with same account it fails with message I wrote.

David Strejc
t: +420734270131

On Fri, Feb 12, 2016 at 3:35 PM, Clayton Coleman <ccoleman redhat com> wrote:
https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#security-context-constraints

Your service account isn't authorized to mount host paths - you want to add the service account "default" in project to the hostaccess SCC

    oadm policy add-scc-to-user hostaccess -z default 

That allows your pod to mount host volumes.

On Feb 12, 2016, at 8:38 AM, David Strejc <david strejc gmail com> wrote:

Dear all,

I got following error when I try to start application from template:

Error creating: Pod "cakephp-example-1-" is forbidden: unable to validate against any security context constraint: [spec.containers[0].securityContext.volumeMounts: invalid value 'test-volume', Details: Host Volumes are not allowed to be used] (9 times in the last 2 minutes, 52 seconds)

I've added:

  securityContext:
          privileged: true

into template DeploymentConfig definition and user who is creating app from template is in privileged scc group.

What am I doing wrong?

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]