ahh i see thank you very much, now i see the difference
thanks! > El 3 mar 2016, a las 17:27, Clayton Coleman <ccole...@redhat.com> escribió: > > When you create a pod directly as a cluster admin, you have permission > to run as any user. So the check allows you to create that process. > When you run under a replication controller, permission has to be > delegated to ensure that the controller (which is acting on your > behalf) can create a pod that runs that way. The service account is > what is delegated. > >> On Mar 1, 2016, at 9:37 AM, Julio Saura <jsa...@hiberus.com> wrote: >> >> hello >> >> thanks for answering >> >> but why is running without problem if i run my image as a POD without doing >> that and failing when i use RC instead of POD? >> >> thanks >> >> >>> El 1 mar 2016, a las 16:21, Clayton Coleman <ccole...@redhat.com> escribió: >>> >>> Regular Openshift users don't have permission to run as arbitrary >>> UIDs. You can read more here: >>> https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#security-context-constraints >>> >>> To give yourself access as a root user (if you are an admin) run >>> >>> oadm policy add-scc-to-user anyuid -z default >>> >>> Or to let your pods run as any non-root user, run >>> >>> oadm policy add-scc-to-user nonroot -z default >>> >>>> On Mar 1, 2016, at 9:04 AM, Julio Saura <jsa...@hiberus.com> wrote: >>>> >>>> Hello >>>> >>>> i have a working open shift running and maybe is my misunderstanding but i >>>> have a problem with RC >>>> >>>> so, >>>> >>>> i have an own docker image for my app, my entry point in my docker file >>>> creates some directories that are needed for my app to work and starts a >>>> jboss,, so far so good >>>> >>>> the image is running if i define it as a POD, but when i try to create a >>>> RC using that image i am having some weird permission denied when creating >>>> the directories and so my pod dies. >>>> >>>> i have noticed that when i run it as POD my process is running under the >>>> user i define in a step inside my docker file when building the image, but >>>> if i run it on a RC the process is running under an unknown UID >>>> >>>> UID PID PPID C STIME TTY TIME CMD >>>> 1000120+ 1 0 0 17:02 ? 00:00:00 /bin/bash >>>> /etc/init.d/jboss-as st >>>> >>>> and so when that entry point is trying to create the directories i need i >>>> get permission denied errors, logically the process dies and so does my >>>> pod inside de RC .. >>>> >>>> why is this happening? on my dockerfile i add a unix user as the process >>>> proprietary and in my entry point command script i am changing the user >>>> when starting .. running on the RC the user is not created and not used, >>>> but running it as a POD works like a charm.. >>>> >>>> i am missing something? >>>> >>>> best regards >>>> thanks all! >>>> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> users mailing list >>>> users@lists.openshift.redhat.com >>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> _______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
