2018-06-20 8:22 GMT+02:00 Daniel Comnea :
> Thanks Slava for reply.
>
> For everyone benefit (in case others come across the same issue) it was
> all down to my custom scc *priority* which was *null*. Once i set it to a
> value higher than 0 ( default 'restricted' scc has 0) then everything
>
2018-06-19 10:31 GMT+02:00 Daniel Comnea :
>
>
> On Mon, Jun 18, 2018 at 11:19 PM, Jordan Liggitt
> wrote:
>
>> Redeploying the application creates new pods.
>>
>> Since you removed the part of your custom scc that allowed it to apply to
>> your pods, those new pods were once again subject to
2018-05-17 15:15 GMT+02:00 Sam Padgett :
> The file mode is 400, and I think anyuid breaks reading it since the user
> changes.
>
> https://github.com/openshift/openshift-ansible/blob/master/
> roles/openshift_web_console/files/console-template.yaml#L90
>
> The console doesn't need anyuid... I'm
I'd like to continue this discussion because this broken configuration
could be easily reproduced by following our own documentation:
https://docs.openshift.org/latest/admin_guide/manage_scc.html#enable-images-to-run-with-user-in-the-dockerfile
How we can fix this?
Do we have a virtual group
2018-05-25 10:23 GMT+02:00 Daniel Comnea :
> Slava,
>
> spot on !!!
>
> I don't know why i was under the impression that in 3.7 RBAC been fully
> implemented and everything on parity, guess i was wrong.
>
One doesn't exclude another: RBAC was fully implemented and replaced
2018-05-24 23:16 GMT+02:00 Daniel Comnea :
> Hi,
>
> Is any alternative to "oc adm policy add-scc-to-user" command in the same
> way there is one for "oc create serviceaccount foo" which can be achieved
> by
>
> apiVersion: v1
>
> kind: ServiceAccount
>
> metadata:
>
>
2018-05-24 10:10 GMT+02:00 Charles Moulliard :
> +1 to document somewhere how SCC is working, priority defined, and
> what should be done to resolve such issues
>
Perhaps this info is hard to find but it's there:
2018-05-23 23:06 GMT+02:00 Daniel Comnea <comnea.d...@gmail.com>:
>
>
> On Wed, May 23, 2018 at 5:20 PM, Vyacheslav Semushin <vsemu...@redhat.com>
> wrote:
>
>> 2018-05-17 17:18 GMT+02:00 Charles Moulliard <cmoul...@redhat.com>:
>>
>>> The t
2018-05-17 17:18 GMT+02:00 Charles Moulliard :
> The trick / solution described there doesn t work. I tried also using the
> ansible playbook of Openshift to remove the project and recreate it and the
> pod is always recreated with Openshift annotation = anyuid
>
The reason
2018-03-28 19:17 GMT+02:00 Srinivas Naga Kotaru (skotaru) :
>
> Is it possible to use CAP_LINUX_IMMUTABLE security context with restricted
> SCC? One of our client want to use chattr +a /tmp/logs/*.log command in
> pod. We don’t want to relax or give privileged SCC for any
2017-11-27 10:34 GMT+01:00 Yu Wei :
> Hi,
>
> When running mysql with other containers within one pod, it seemed that
> environment variable "MYSQL_ROOT_PASSWORD" didn't work as expected.
>
> Password set in "MYSQL_ROOT_PASSWORD" couldn't be used for connecting to
> mysql.
>
11 matches
Mail list logo