I am still gettting same message.I don't want to use service account - I am using account "david" which has been added to privileged scc previously.I've also gave policy hostaccess to this account.I need to start my pods with mounted socket from Node. It works when I create Pod from pod definition pod.yaml:apiVersion: v1kind: Podmetadata:name: davidlabels:name: davidspec:containers:#- image: davidstrejc/test2- image: davidstrejc/test2name: davidvolumeMounts:- mountPath: /var/lib/mysql/mysql.sockname: test-volumeports:- containerPort: 80volumes:- name: test-volumehostPath:path: /var/lib/mysql/mysql.sockselector:name: davidBut when I use template with same account it fails with message I wrote.On Fri, Feb 12, 2016 at 3:35 PM, Clayton Coleman <ccoleman redhat com> wrote:https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#security-context-constraintsYour service account isn't authorized to mount host paths - you want to add the service account "default" in project to the hostaccess SCCoadm policy add-scc-to-user hostaccess -z defaultThat allows your pod to mount host volumes.
On Feb 12, 2016, at 8:38 AM, David Strejc <david strejc gmail com> wrote:Dear all,I got following error when I try to start application from template:Error creating: Pod "cakephp-example-1-" is forbidden: unable to validate against any security context constraint: [spec.containers.securityContext.volumeMounts: invalid value 'test-volume', Details: Host Volumes are not allowed to be used] (9 times in the last 2 minutes, 52 seconds)I've added:_______________________________________________
users mailing list
users lists openshift redhat com