[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Cannot start pod from template



Many thanks I will do that.

David Strejc
t: +420734270131

On Mon, Feb 15, 2016 at 4:35 PM, Jordan Liggitt <jliggitt redhat com> wrote:
For deploymentconfigs/replicationcontrollers, you *have* to authorize the service account... your original user isn't around any more, so the service account is all the API has to go on to allow the pod to use host volumes.

On Mon, Feb 15, 2016 at 10:26 AM, David Strejc <david strejc gmail com> wrote:
Any idea anybody?


On Mon, Feb 15, 2016 at 7:53 AM, David Strejc <david strejc gmail com> wrote:
I am still gettting same message.

I don't want to use service account - I am using account "david" which has been added to privileged scc previously.
I've also gave policy hostaccess to this account.

I need to start my pods with mounted socket from Node. It works when I create Pod from pod definition pod.yaml:

apiVersion: v1
kind: Pod
metadata:
  name: david 
  labels:
    name: david
spec:
  containers:
  #- image: davidstrejc/test2 
  - image: davidstrejc/test2
    name: david 
    volumeMounts:
    - mountPath: /var/lib/mysql/mysql.sock
      name: test-volume
    ports:
    - containerPort: 80
  volumes:
  - name: test-volume
    hostPath:
      path: /var/lib/mysql/mysql.sock
  selector:
    name: david


But when I use template with same account it fails with message I wrote.


On Fri, Feb 12, 2016 at 3:35 PM, Clayton Coleman <ccoleman redhat com> wrote:

Your service account isn't authorized to mount host paths - you want to add the service account "default" in project to the hostaccess SCC

    oadm policy add-scc-to-user hostaccess -z default 

That allows your pod to mount host volumes.

On Feb 12, 2016, at 8:38 AM, David Strejc <david strejc gmail com> wrote:

Dear all,

I got following error when I try to start application from template:

Error creating: Pod "cakephp-example-1-" is forbidden: unable to validate against any security context constraint: [spec.containers[0].securityContext.volumeMounts: invalid value 'test-volume', Details: Host Volumes are not allowed to be used] (9 times in the last 2 minutes, 52 seconds)

I've added:

  securityContext:
          privileged: true

into template DeploymentConfig definition and user who is creating app from template is in privileged scc group.

What am I doing wrong?

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users



_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]