[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: configmap configuration

Are you trying to mount the configmap or read from it? The latter does not require any extra role for the pod service account.

On Wed, Jun 29, 2016 at 8:46 AM, Lewis Shobbrook <l shobbrook+origin base2services com> wrote:
Hi Guys,
Having some trouble with configmaps with our pods.

In the pods logs we see the following...

2016-06-28 02:45:55.055 [INFO]  [0000-main]     [au.com.consealed.service.interfac.config.SpringConfig]   ConfigMapConfigProperties: ppe
2016-06-28 02:46:46.046 [WARN]  [0000-main]     [io.fabric8.spring.cloud.kubernetes.config.ConfigMapPropertySource]     Can't read configMap with name: [ppe] in namespace:[dev]. Ignoring
io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://kubernetes.default.svc/api/v1/namespaces/dev/configmaps/ppe. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked.

From oc rsh ...

sh-4.2$ curl -k -H "Authorization: oAuth XXX"  https://kubernetes.default.svc/api/v1/namespaces/dev/configmap
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "User \"system:anonymous\" cannot get configmaps in project \"dev\"",
"reason": "Forbidden",
"details": {
"name": "ppe",
"kind": "configmaps"
"code": 403

I'm pretty green with this, but what do I need to do to provide a pod within the the same namespace the correct access to the configmap?
I can see secrets are mounted correctly within /run/secrets/kubernetes.io/serviceaccount/ within the pod

oc version
oc v1.2.0-rc1
kubernetes v1.2.0-36-g4a3f9c5



users mailing list
users lists openshift redhat com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]