Re: Inject Custom CA during builds

2018-07-17 Thread Subhendu Ghosh
Might be a use case for testing crio and the secrets for generically updating container ca cert chain. On Tue, Jul 17, 2018, 10:38 Ahmed Ossama wrote: > So I inspected the container runtime, and it turns out to be that > /etc/ssl/certs is a sym link to /etc/pki/tls/certs directory. > >

Re: Inject Custom CA during builds

2018-07-17 Thread Aleksandar Kostadinov
Maybe you can try to replace/add files inside > /etc/pki/ca-trust/extracted/ You can prepare the files on a real machine and then copy them over to containers as secrets. P.S. SSL was invented exactly to prevent man in the middle (what the appliance is presently doing) as far as I can tell.

Re: Managing Routes with a Service Account

2018-07-17 Thread Eric D Helms
Thanks Clayton. I have made the modification to a ClusterRoleBinding but still see the following output: User \\\"system:serviceaccount:foreman:foreman-operator\\\" cannot get routes in project

Re: Managing Routes with a Service Account

2018-07-17 Thread Clayton Coleman
To access things across all namespaces, you need a ClusterRoleBinding, not a RoleBinding. RoleBindings only give you access to the role scoped to the namespace the RoleBinding is in. On Tue, Jul 17, 2018 at 10:21 AM Eric D Helms wrote: > Howdy, > > I am trying to manage routes via a

Re: Origin 3.9.0's Jenkins - forgetful agents!

2018-07-17 Thread Gabe Montero
On Tue, Jul 17, 2018 at 9:09 AM, Alan Christie < achris...@informaticsmatters.com> wrote: > Hi Gabe, > > I’m annotating the ImageStream, essentially doing this: `slave-label: > buildah-slave`. > The Dockerfile and ImageStream YAML template for my agent (a buildah/skopeo > agent) based on

Re: Inject Custom CA during builds

2018-07-17 Thread Ahmed Ossama
So I inspected the container runtime, and it turns out to be that /etc/ssl/certs is a sym link to /etc/pki/tls/certs directory. Modifying the destinationDir caused the certificate to be injected, but the build process is still failing because the certificate is not in the global trusted CAs

Managing Routes with a Service Account

2018-07-17 Thread Eric D Helms
Howdy, I am trying to manage routes via a serviceaccount with the following but running into an issue with permission denied: "User \\\"system:serviceaccount:foreman:foreman-operator\\\" cannot get routes in the namespace \\\"foreman\\\"" Resource Definitions: apiVersion:

Re: Origin 3.9.0's Jenkins - forgetful agents!

2018-07-17 Thread Alan Christie
Hi Gabe, I’m annotating the ImageStream, essentially doing this: `slave-label: buildah-slave`. The Dockerfile and ImageStream YAML template for my agent (a buildah/skopeo agent) based on jenkins-slave-maven-centos can be found at our public repo

Re: Inject Custom CA during builds

2018-07-17 Thread Ben Parees
On Tue, Jul 17, 2018 at 5:06 AM, Ahmed Ossama wrote: > For option #1, I granted the sa/builder the anyuid scc, and added the > serviceAccount: builder in the buildconfig. I thought this might make the > build run with root (Yes, it's not a good idea to run builds using root, I > was just trying

Re: Origin 3.9.0's Jenkins - forgetful agents!

2018-07-17 Thread Gabe Montero
Hi Alan, Are you leveraging our feature to inject agents by labelling ImageStreams with the label "role" set to a value of "jenkins-slave", or annotating an ImageStreamTag with the same k/v pair? If so, that is going to update the agent definition every time those items are updated in OpenShift.

Re: Inject Custom CA during builds

2018-07-17 Thread Ahmed Ossama
For option #1, I granted the sa/builder the anyuid scc, and added the serviceAccount: builder in the buildconfig. I thought this might make the build run with root (Yes, it's not a good idea to run builds using root, I was just trying it), but it didn't work anyway. For option #2, I've

Origin 3.9.0's Jenkins - forgetful agents!

2018-07-17 Thread Alan Christie
Hi, I’m using Jenkins on an OpenShift Origin 3.9.0 deployment and notice that Jenkins periodically forgets the additional settings for my custom agent. I’m using the built-in Jenkins from the catalogue (Jenkins 2.89.4) with all the plugins updated. Incidentally, I doubt it has

Re: Failed to provision volume with StorageClass "glusterfs-storage": create volume error: error creating volume

2018-07-17 Thread Yu Wei
It seemed that you didn't configure the correct heketi endpoint. Could you access http://heketi-storage-glusterfs.cnsc.net manually? Thx, Jared On 2018-06-26 00:33, Julián Tete wrote: Hello friends Greetings to the OpenShift Origin community