Re: Custom SCC assigned to wrong pods

2018-06-20 Thread Vyacheslav Semushin
2018-06-20 8:22 GMT+02:00 Daniel Comnea : > Thanks Slava for reply. > > For everyone's benefit (in case others come across the same issue) it was > all down to my custom scc *priority* which was *null*. Once I set it to a > value higher than 0 (default 'restricted' scc has 0) then everything >

Re: Custom SCC assigned to wrong pods

2018-06-19 Thread Vyacheslav Semushin
2018-06-19 10:31 GMT+02:00 Daniel Comnea : > > > On Mon, Jun 18, 2018 at 11:19 PM, Jordan Liggitt > wrote: > >> Redeploying the application creates new pods. >> >> Since you removed the part of your custom scc that allowed it to apply to >> your pods, those new pods were once again subject to

Re: OpenShift Web Console - 3.9 - Pod / CrashLoopBackOff

2018-05-29 Thread Vyacheslav Semushin
2018-05-17 15:15 GMT+02:00 Sam Padgett : > The file mode is 400, and I think anyuid breaks reading it since the user > changes. > > https://github.com/openshift/openshift-ansible/blob/master/ > roles/openshift_web_console/files/console-template.yaml#L90 > > The console doesn't need anyuid... I'm

Re: OpenShift Web Console - 3.9 - Pod / CrashLoopBackOff

2018-05-28 Thread Vyacheslav Semushin
I'd like to continue this discussion because this broken configuration could be easily reproduced by following our own documentation: https://docs.openshift.org/latest/admin_guide/manage_scc.html#enable-images-to-run-with-user-in-the-dockerfile How can we fix this? Do we have a virtual group

Re: Any alternative to "oc adm policy add-scc-to-user" ?

2018-05-25 Thread Vyacheslav Semushin
2018-05-25 10:23 GMT+02:00 Daniel Comnea : > Slava, > > spot on !!! > > I don't know why I was under the impression that in 3.7 RBAC had been fully > implemented and everything on parity, guess I was wrong. > One doesn't exclude another: RBAC was fully implemented and replaced

Re: Any alternative to "oc adm policy add-scc-to-user" ?

2018-05-25 Thread Vyacheslav Semushin
2018-05-24 23:16 GMT+02:00 Daniel Comnea : > Hi, > > Is there any alternative to "oc adm policy add-scc-to-user" command in the same > way there is one for "oc create serviceaccount foo" which can be achieved > by > > apiVersion: v1 > > kind: ServiceAccount > > metadata: > >

Re: OpenShift Web Console - 3.9 - Pod / CrashLoopBackOff

2018-05-24 Thread Vyacheslav Semushin
2018-05-24 10:10 GMT+02:00 Charles Moulliard : > +1 to document somewhere how SCC is working, priority defined, and > what should be done to resolve such issues > Perhaps this info is hard to find but it's there:

Re: OpenShift Web Console - 3.9 - Pod / CrashLoopBackOff

2018-05-24 Thread Vyacheslav Semushin
2018-05-23 23:06 GMT+02:00 Daniel Comnea <comnea.d...@gmail.com>: > > > On Wed, May 23, 2018 at 5:20 PM, Vyacheslav Semushin <vsemu...@redhat.com> > wrote: > >> 2018-05-17 17:18 GMT+02:00 Charles Moulliard <cmoul...@redhat.com>: >> >>> The t

Re: OpenShift Web Console - 3.9 - Pod / CrashLoopBackOff

2018-05-23 Thread Vyacheslav Semushin
2018-05-17 17:18 GMT+02:00 Charles Moulliard : > The trick / solution described there doesn't work. I tried also using the > ansible playbook of Openshift to remove the project and recreate it and the > pod is always recreated with Openshift annotation = anyuid > The reason

Re: CAP_LINUX_IMMUTABLE

2018-03-28 Thread Vyacheslav Semushin
2018-03-28 19:17 GMT+02:00 Srinivas Naga Kotaru (skotaru) : > > Is it possible to use CAP_LINUX_IMMUTABLE security context with restricted > SCC? One of our clients wants to use chattr +a /tmp/logs/*.log command in > pod. We don’t want to relax or give privileged SCC for any

Re: environment variables when running multiple containers in one pod

2017-11-27 Thread Vyacheslav Semushin
2017-11-27 10:34 GMT+01:00 Yu Wei : > Hi, > > When running mysql with other containers within one pod, it seemed that > environment variable "MYSQL_ROOT_PASSWORD" didn't work as expected. > > Password set in "MYSQL_ROOT_PASSWORD" couldn't be used for connecting to > mysql. >