I tried that:
oadm policy add-acc-to-user hostmount-anyuid system:serviceaccount:openshift-infra:replication-controller
... and I still get the error.
Is there any way to get the user name/group that fails authentication?
Alan

On Tue, May 17, 2016 at 9:33 AM, Clayton Coleman <ccole...@redhat.com>
wrote:

> anyuid doesn't grant hostPath, since that's a much more dangerous
> permission.  You want to grant hostmount-anyuid
>
> On Tue, May 17, 2016 at 11:44 AM, Alan Jones <ajo...@diamanti.com> wrote:
> > I have several containers that we run using K8 that require host volume
> > access.
> > For example, I have a container called "evdispatch-v1" that I'm trying to
> > launch in a replication controller and get the below error.
> > Following an example from "Enable Dockerhub Images that Require Root" in
> > (https://docs.openshift.org/latest/admin_guide/manage_scc.html#enable-images-to-run-with-user-in-the-dockerfile)
> > I tried:
> > oadm policy add-scc-to-user anyuid system:serviceaccount:openshift-infra:replication-controller
> > But still get the error.
> > Do you know what I need to do?
> > Who knows more about this stuff?
> > Alan
> > ---
> > WARNING    evdispatch-v1            49e7ac4e-1bae-11e6-88c0-080027767789
> > ReplicationController             replication-controller   FailedCreate
> > Error creating: pods "evdispatch-v1-" is forbidden: unable to validate
> > against any security context constraint:
> > [spec.containers[0].securityContext.volumes[0]: Invalid value: "hostPath":
> > hostPath volumes are not allowed to be used
> > spec.containers[0].securityContext.volumes[0]: Invalid value: "hostPath":
> > hostPath volumes are not allowed to be used]
> >
> > _______________________________________________
> > users mailing list
> > users@lists.openshift.redhat.com
> > http://lists.openshift.redhat.com/openshiftmm/listinfo/users
> >
>
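
The point made in the reply above, that anyuid does not permit hostPath while hostmount-anyuid does, can be checked against the SCC objects themselves. The following is an added example, not part of the original thread: it reads a constructed sample in the shape of `oc get scc -o json` and reports which SCCs a user holds and which of those allow hostPath. The function names and the sample data are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of `oc get scc -o json`, trimmed to the
# fields used here; it is not output captured from a real cluster.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "restricted"}, "allowHostDirVolumePlugin": false,
   "users": [], "groups": ["system:authenticated"]},
  {"metadata": {"name": "anyuid"}, "allowHostDirVolumePlugin": false,
   "users": ["system:serviceaccount:openshift-infra:replication-controller"],
   "groups": ["system:cluster-admins"]},
  {"metadata": {"name": "hostmount-anyuid"}, "allowHostDirVolumePlugin": true,
   "users": [], "groups": []}
]}
""")

def allows_hostpath(scc):
    """True if the SCC permits hostPath (boolean field or newer volumes list)."""
    volumes = scc.get("volumes") or []
    return bool(scc.get("allowHostDirVolumePlugin")) or "hostPath" in volumes or "*" in volumes

def sa_groups(user):
    """Groups a service account belongs to, derived from its user name."""
    parts = user.split(":")
    if len(parts) == 4 and parts[:2] == ["system", "serviceaccount"]:
        return {"system:authenticated", "system:serviceaccounts",
                "system:serviceaccounts:" + parts[2]}
    return set()

def sccs_granted(user, scc_list, extra_groups=()):
    """Names of SCCs the user holds directly or through a group."""
    groups = sa_groups(user) | set(extra_groups)
    return [s["metadata"]["name"] for s in scc_list["items"]
            if user in (s.get("users") or []) or groups & set(s.get("groups") or [])]

def hostpath_sccs(user, scc_list, extra_groups=()):
    """Subset of the user's SCCs that would accept a pod with a hostPath volume."""
    by_name = {s["metadata"]["name"]: s for s in scc_list["items"]}
    return [n for n in sccs_granted(user, scc_list, extra_groups)
            if allows_hostpath(by_name[n])]

RC_SA = "system:serviceaccount:openshift-infra:replication-controller"

if __name__ == "__main__":
    print("granted:", sccs_granted(RC_SA, SAMPLE))
    print("allow hostPath:", hostpath_sccs(RC_SA, SAMPLE))
```

Running the same check on the real `oc get scc -o json` output shows whether a grant actually landed in the `users` list of the SCC that was intended.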