[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Error setting up EFK logging: Error from serv er: User "system:serviceaccount:logging:loggi ng-deployer" cannot list configmaps in projec t "logging"



Hi,

I've tried to set up logging with the EFK stack according to the documentation for OpenShift 3.2, but when I try to deploy the logging-deployer pod it fails into Error status with the following error message in the container log:

[...]
+ echo 'Attaching secrets to service accounts'
+ oc secrets add serviceaccount/aggregated-logging-kibana logging-kibana logging-kibana-proxy
+ oc secrets add serviceaccount/aggregated-logging-elasticsearch logging-elasticsearch
+ oc secrets add serviceaccount/aggregated-logging-fluentd logging-fluentd
+ oc secrets add serviceaccount/aggregated-logging-curator logging-curator
Deleting configmaps
+ '[' -n '' ']'
+ generate_configmaps
+ echo 'Deleting configmaps'
+ oc delete configmap -l logging-infra=support
Error from server: User "system:serviceaccount:logging:logging-deployer" cannot list configmaps in project "logging"

[ full output at http://pastebin.com/sUZrNX1b ]

When I take a look who is allowed to list configmaps the logging-deployer serviceaccount is not listed:
10:18:16 root osmaster:~> oc policy who-can list configmap -n logging
Namespace: logging
Verb: list
Resource: configmaps

Users: system:serviceaccount:openshift-infra:namespace-controller

Groups: system:cluster-admins
system:masters

But to be honest I don't have a clue how to add a verb/resource pair to a serviceaccount.
I've tried to add the view/edit/admin roles to the serviceaccount but no luck.

Any help would be greatly appreciated!

Thanks and kind regards,
Lemmy.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]