former, latter... they're just words right? yeah.

On Wed, Jun 29, 2016 at 11:08 AM, Jordan Liggitt <jligg...@redhat.com> wrote:
> Other way around... mounting a config map doesn't require the service
> account to have special permissions. Reading a configmap via an API call
> from within a pod does.
>
> On Wed, Jun 29, 2016 at 10:58 AM, Luke Meyer <lme...@redhat.com> wrote:
>
>> Are you trying to mount the configmap or read from it? The latter does
>> not require any extra role for the pod service account.
>>
>> On Wed, Jun 29, 2016 at 8:46 AM, Lewis Shobbrook <l.shobbrook+ori...@base2services.com> wrote:
>>
>>> Hi Guys,
>>> Having some trouble with configmaps with our pods.
>>>
>>> In the pods logs we see the following...
>>>
>>> 2016-06-28 02:45:55.055 [INFO] [0000-main]
>>> [au.com.consealed.service.interfac.config.SpringConfig]
>>> ConfigMapConfigProperties: ppe
>>> 2016-06-28 02:46:46.046 [WARN] [0000-main]
>>> [io.fabric8.spring.cloud.kubernetes.config.ConfigMapPropertySource]
>>> Can't read configMap with name: [ppe] in namespace:[dev]. Ignoring
>>> io.fabric8.kubernetes.client.KubernetesClientException: Failure
>>> executing: GET at:
>>> https://kubernetes.default.svc/api/v1/namespaces/dev/configmaps/ppe.
>>> Message: Forbidden!Configured service account doesn't have access. Service
>>> account may have been revoked.
>>>
>>> From oc rsh ...
>>>
>>> sh-4.2$ curl -k -H "Authorization: oAuth XXX" https://kubernetes.default.svc/api/v1/namespaces/dev/configmap
>>> {
>>>   "kind": "Status",
>>>   "apiVersion": "v1",
>>>   "metadata": {},
>>>   "status": "Failure",
>>>   "message": "User \"system:anonymous\" cannot get configmaps in project \"dev\"",
>>>   "reason": "Forbidden",
>>>   "details": {
>>>     "name": "ppe",
>>>     "kind": "configmaps"
>>>   },
>>>   "code": 403
>>> }
>>>
>>> I'm pretty green with this, but what do I need to do to provide a pod
>>> within the same namespace the correct access to the configmap?
>>> I can see secrets are mounted correctly within
>>> /run/secrets/kubernetes.io/serviceaccount/ within the pod
>>>
>>> oc version
>>> oc v1.2.0-rc1
>>> kubernetes v1.2.0-36-g4a3f9c5
>>>
>>> Cheers
>>>
>>> Lew
>>>
>>> _______________________________________________
>>> users mailing list
>>> users@lists.openshift.redhat.com
>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
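Added example, not part of the thread or of any project's code: a shell helper that sends the mounted service account token as a bearer credential and tells apart the two refusals seen above, the `system:anonymous` response to the curl call and the service account being denied for the Java client. The function names, the `default` service account in the comments and test data, and the `view` role suggested in a comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. SA_DIR is the mount path quoted in the
# original post; API is the in-cluster address from the logged request.
SA_DIR=${SA_DIR:-/run/secrets/kubernetes.io/serviceaccount}
API=${API:-https://kubernetes.default.svc}

# Header carrying the pod's mounted service account token as a bearer token.
auth_header() {
  printf 'Authorization: Bearer %s' "$(cat "$SA_DIR/token")"
}

# GET one configmap as the pod's service account, verifying the API server
# certificate against the mounted CA bundle rather than passing -k.
get_configmap() {  # usage: get_configmap <namespace> <name>
  curl -sS --cacert "$SA_DIR/ca.crt" -H "$(auth_header)" \
    "$API/api/v1/namespaces/$1/configmaps/$2"
}

# Read an API response body on stdin and say which layer refused it:
#   unauthenticated      -> no credential was recognised (system:anonymous)
#   unauthorized <user>  -> token accepted, that service account lacks a role
diagnose_status() {
  body=$(cat)
  case $body in
    *'"code": 403'* | *'"code":403'*) ;;
    *) echo "not-forbidden"; return 0 ;;
  esac
  case $body in
    *system:anonymous*) echo "unauthenticated" ;;
    *system:serviceaccount:*)
      sa=$(printf '%s\n' "$body" | sed -n \
        's/.*\(system:serviceaccount:[A-Za-z0-9.-]*:[A-Za-z0-9.-]*\).*/\1/p')
      # Assumed remedy: bind a role that allows "get" on configmaps, e.g.
      #   oc policy add-role-to-user view "$sa" -n <namespace>
      echo "unauthorized $sa" ;;
    *) echo "forbidden-other" ;;
  esac
}

# Constructed sample in the same shape as the 403 body quoted in the post.
SAMPLE='{"kind":"Status","status":"Failure","message":"User \"system:anonymous\" cannot get configmaps in project \"dev\"","reason":"Forbidden","code":403}'
printf '%s\n' "$SAMPLE" | diagnose_status
```

Inside the pod, `get_configmap dev ppe | diagnose_status` reports which of the two cases applies before any role is granted.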