What service account is the ipfa-pod using, and can you verify that
the SCC correctly points to it?
On Mon, Feb 15, 2016 at 8:53 AM, Fran Barrera <franbarrera6 gmail com> wrote:
> If I try "oc rsh ipfa-pod" this is the output:
> Error from server: pods "ipfa-ha-router-1-2e2t7" is forbidden: unable to
> validate against any security context constraint: [provider restricted:
> .spec.securityContext.hostNetwork: invalid value 'true', Details: Host
> network is not allowed to be used provider restricted:
> .spec.containers.securityContext.privileged: invalid value 'true',
> Details: Privileged containers are not allowed provider restricted:
> .spec.containers.securityContext.VolumeMounts: invalid value
> 'lib-modules', Details: Host Volumes are not allowed to be used provider
> restricted: .spec.containers.securityContext.containers.0.hostPort:
> invalid value '1985', Details: Host ports are not allowed to be used]
> I've created the ip failover with the same scc that the router.
> 2016-02-15 13:54 GMT+01:00 Fran Barrera <franbarrera6 gmail com>:
>> I've a problem to deploy router in HA. I've following the steps
>> Everything was correct. I can see the VIP that I've assigned in the Node:
>> [root openshift-master1 ~]# ip addr show
>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
>> UP qlen 1000
>> inet 192.168.0.77/16 brd 192.168.255.255 scope global dynamic eth0
>> valid_lft 80140sec preferred_lft 80140sec
>> inet 10.14.128.155/32 scope global eth0
>> valid_lft forever preferred_lft forever
>> From this Node I can ping correctly, but from other node or other PC I
>> can't access to this VIP, so I can't put his VIP in the DNS.
>> It's like that the problem is Iptables of this node, but I'm not sure, so
>> I don't know what is happening.
>> Any suggestions?
>> Best Regards,
> users mailing list
> users lists openshift redhat com