
Re: Router High Availability



Hello Clayton,

The service account is router (I've tried to create a new service account for ipfailover but got the same error). Yes, the SCC is privileged; if I edit it I can see the service account:

- system:serviceaccount:default:router

Regards.

2016-02-15 16:13 GMT+01:00 Clayton Coleman <ccoleman redhat com>:
What service account is the ipfa-pod using, and can you verify that
the SCC correctly points to it?

On Mon, Feb 15, 2016 at 8:53 AM, Fran Barrera <franbarrera6 gmail com> wrote:
> If I try "oc rsh ipfa-pod" this is the output:
>
> Error from server: pods "ipfa-ha-router-1-2e2t7" is forbidden: unable to
> validate against any security context constraint: [provider restricted:
> .spec.securityContext.hostNetwork: invalid value 'true', Details: Host
> network is not allowed to be used provider restricted:
> .spec.containers[0].securityContext.privileged: invalid value 'true',
> Details: Privileged containers are not allowed provider restricted:
> .spec.containers[0].securityContext.VolumeMounts: invalid value
> 'lib-modules', Details: Host Volumes are not allowed to be used provider
> restricted: .spec.containers[0].securityContext.containers.0.hostPort:
> invalid value '1985', Details: Host ports are not allowed to be used]
>
> I've created the IP failover with the same SCC as the router.
>
>
>
> 2016-02-15 13:54 GMT+01:00 Fran Barrera <franbarrera6 gmail com>:
>>
>> Hello,
>>
>> I have a problem deploying the router in HA. I've followed the steps
>> (https://docs.openshift.org/latest/admin_guide/high_availability.html).
>>
>> Everything was correct. I can see the VIP that I've assigned in the Node:
>>
>> [root openshift-master1 ~]# ip addr show
>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
>> UP qlen 1000
>>     inet 192.168.0.77/16 brd 192.168.255.255 scope global dynamic eth0
>>        valid_lft 80140sec preferred_lft 80140sec
>>     inet 10.14.128.155/32 scope global eth0
>>        valid_lft forever preferred_lft forever
>>
>> From this Node I can ping correctly, but from another node or another PC I
>> can't access this VIP, so I can't put this VIP in the DNS.
>>
>> It looks like the problem is the iptables of this node, but I'm not sure, so
>> I don't know what is happening.
>>
>> Any suggestions?
>>
>> Best Regards,
>> Fran.
>
>
>
> _______________________________________________
> users mailing list
> users lists openshift redhat com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
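
The "unable to validate against any security context constraint" message quoted in this thread packs one entry per rejected field, each tagged with the SCC provider that rejected it. The following is an added example, not part of the original messages and not OpenShift code: a small Python parser that splits that message into (field, value, detail) tuples per provider, so it is easy to see which SCCs actually appear in the rejection. The function names and the regular expression are assumptions based only on the message format visible above.

```python
import re
from collections import defaultdict

# Error text copied from the thread above, with the e-mail's line wraps.
SAMPLE = """Error from server: pods "ipfa-ha-router-1-2e2t7" is forbidden: unable to
validate against any security context constraint: [provider restricted:
.spec.securityContext.hostNetwork: invalid value 'true', Details: Host
network is not allowed to be used provider restricted:
.spec.containers[0].securityContext.privileged: invalid value 'true',
Details: Privileged containers are not allowed provider restricted:
.spec.containers[0].securityContext.VolumeMounts: invalid value
'lib-modules', Details: Host Volumes are not allowed to be used provider
restricted: .spec.containers[0].securityContext.containers.0.hostPort:
invalid value '1985', Details: Host ports are not allowed to be used]"""

# One entry: "provider <scc>: <field>: invalid value '<v>', Details: <text>".
# Entries are run together, so the detail text ends where the next
# "provider <scc>: " begins, or at the closing bracket.
ENTRY = re.compile(
    r"provider (\S+): (\S+): invalid value '([^']*)', Details: (.*?)"
    r"(?= provider \S+: |\]|$)"
)

def parse_scc_rejections(message):
    """Return {scc_name: [(field, value, detail), ...]} from the error text."""
    flat = " ".join(message.split())  # undo terminal / e-mail line wrapping
    by_provider = defaultdict(list)
    for provider, field, value, detail in ENTRY.findall(flat):
        by_provider[provider].append((field, value, detail))
    return dict(by_provider)

def scc_absent_from_error(message, expected_scc):
    """True if no entry in the error names expected_scc as a provider."""
    return expected_scc not in parse_scc_rejections(message)

if __name__ == "__main__":
    for scc, entries in parse_scc_rejections(SAMPLE).items():
        print(f"SCC provider: {scc}")
        for field, value, detail in entries:
            print(f"  {field} = {value!r}: {detail}")
    print("privileged absent:", scc_absent_from_error(SAMPLE, "privileged"))
```

On the message from this thread, every entry names the restricted provider and none names privileged.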

