[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: configmap configuration



Other way around... mounting a config map doesn't require the service account to have special permissions. Reading a configmap via an API call from within a pod does.

On Wed, Jun 29, 2016 at 10:58 AM, Luke Meyer <lmeyer redhat com> wrote:
Are you trying to mount the configmap or read from it? The latter does not require any extra role for the pod service account.

On Wed, Jun 29, 2016 at 8:46 AM, Lewis Shobbrook <l shobbrook+origin base2services com> wrote:
Hi Guys,
Having some trouble with configmaps with our pods.

In the pods logs we see the following...

2016-06-28 02:45:55.055 [INFO]  [0000-main]     [au.com.consealed.service.interfac.config.SpringConfig]   ConfigMapConfigProperties: ppe
2016-06-28 02:46:46.046 [WARN]  [0000-main]     [io.fabric8.spring.cloud.kubernetes.config.ConfigMapPropertySource]     Can't read configMap with name: [ppe] in namespace:[dev]. Ignoring
io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://kubernetes.default.svc/api/v1/namespaces/dev/configmaps/ppe. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked.

From oc rsh ...

sh-4.2$ curl -k -H "Authorization: oAuth XXX"  https://kubernetes.default.svc/api/v1/namespaces/dev/configmap
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "User \"system:anonymous\" cannot get configmaps in project \"dev\"",
"reason": "Forbidden",
"details": {
"name": "ppe",
"kind": "configmaps"
},
"code": 403
}

I'm pretty green with this, but what do I need to do to provide a pod within the the same namespace the correct access to the configmap?
I can see secrets are mounted correctly within /run/secrets/kubernetes.io/serviceaccount/ within the pod

oc version
oc v1.2.0-rc1
kubernetes v1.2.0-36-g4a3f9c5

Cheers

Lew


_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users



_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]