[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Error setting up EFK logging: Error from server: User "system:serviceaccount:logging:logging-deployer" cannot list configmaps in project "logging"

First, when checking permissions, resources are always plural: `oc policy who-can list configmaps -n logging`

The view role will grant this access (along with access to many other non-escalating resources in the project). You can grant it like this:

   oc policy add-role-to-user view -z logging-deployer -n logging

On Tue, Jul 12, 2016 at 4:50 AM, Michael Leimenmeier <mleimenmeier me com> wrote:

I've tried to set up logging with the EFK stack according to the documentation for OpenShift 3.2, but when I try to deploy the logging-deployer pod it fails into Error status with the following error message in the container log:

+ echo 'Attaching secrets to service accounts'
+ oc secrets add serviceaccount/aggregated-logging-kibana logging-kibana logging-kibana-proxy
+ oc secrets add serviceaccount/aggregated-logging-elasticsearch logging-elasticsearch
+ oc secrets add serviceaccount/aggregated-logging-fluentd logging-fluentd
+ oc secrets add serviceaccount/aggregated-logging-curator logging-curator
Deleting configmaps
+ '[' -n '' ']'
+ generate_configmaps
+ echo 'Deleting configmaps'
+ oc delete configmap -l logging-infra=support
Error from server: User "system:serviceaccount:logging:logging-deployer" cannot list configmaps in project "logging"

[ full output at http://pastebin.com/sUZrNX1b ]

When I take a look who is allowed to list configmaps the logging-deployer serviceaccount is not listed:
10:18:16 root osmaster:~> oc policy who-can list configmap -n logging
Namespace: logging
Verb: list
Resource: configmaps

Users: system:serviceaccount:openshift-infra:namespace-controller

Groups: system:cluster-admins

But to be honest I don't have a clue how to add a verb/resource pair to a serviceaccount.
I've tried to add the view/edit/admin roles to the serviceaccount but no luck.

Any help would be greatly appreciated!

Thanks and kind regards,

users mailing list
users lists openshift redhat com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]