oc adm policy add-scc-to-user anyuid -z serviceAccountName -n namespaceName
oc policy add-role-to-user system:image-puller system:serviceaccount:destinationProject:serviceAccount --namespace=sourceProject
In this example, we are exposing the oracle-xe deployment config containerPort 1521 to nodePort 30401.
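apiVersion: v1
kind: Service
metadata:
  name: oracle-xe
spec:
  # nodePort is only honoured when the service type is NodePort
  type: NodePort
  ports:
  - name: tcp-30401
    protocol: TCP
    port: 1521
    targetPort: 1521
    nodePort: 30401
  # selector is a map of labels, not a list
  selector:
    name: oracle-xe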
If we create a route out of this service via: oc expose svc/oracle-xe --hostname=oracle-xe.apps.domain.com, then we should be able to access the oracle database port 1521 via oracle-xe.apps.domain.com:30401.
Reference: https://docs.openshift.com/container-platform/3.4/install_config/persistent_storage/persistent_storage_nfs.html
A good example of this use case is mounting the MongoDB data directory.
Create a service account.
# mongo-sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: mongo
oc create -f mongo-sa.yaml
Ensure the service account can run as anyuid.
oc adm policy add-scc-to-user anyuid -z mongo
Ensure that the mongodb Deployment or Pod configuration has something like the following.
....
securityContext:
  runAsUser: 65534
serviceAccount: mongo
serviceAccountName: mongo
....
volumes:
- name: mongodb-data
  persistentVolumeClaim:
    claimName: mongodb
....
Here mongodb is the claimName of a Persistent Volume Claim bound to an NFS Persistent Volume somewhere.
The Azure storage account key is so long that, when you convert it to base64, the output wraps onto a new line somewhere in between. This will cause your storageaccountkey to not work properly when the Persistent Volume Claim is created. To resolve it, ensure that you remove the newline in between!
# -n stops echo from appending a newline that would otherwise be encoded as part of the key
echo -n "Voxv9uJt8r9rpjFiRgs27duT9sdZSHZGAAzCgKhas/2EGR8GD3M78quvcvMO/jms+iXGzz0b7Dexl7EB3SXgTA==" | base64 | awk 'BEGIN{ORS="";} {print}' > text
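The newline problem described above can be checked before the value goes into a secret. The following is an added example, not part of the original page; the names SAMPLE_KEY, to_hex, encode_key and check_encoded are hypothetical, and the key is a constructed sample value.

```shell
#!/bin/sh
# Constructed sample value for this example; not a real storage account key.
SAMPLE_KEY='CONSTRUCTED-SAMPLE-KEY-not-a-real-azure-storage-account-key-0123456789abcdefghijklmnopqrstuv=='

# to_hex: hex dump of stdin on a single line.
# -v stops od from collapsing repeated rows into "*".
to_hex() {
    od -An -v -tx1 | tr -d ' \t\n'
}

# encode_key KEY: base64-encode KEY exactly as given.
# printf '%s' adds no trailing newline to the input; tr removes the
# line wraps that base64 inserts into long output.
encode_key() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# check_encoded KEY ENCODED: succeed only if ENCODED is a single line
# and decodes back to KEY byte for byte.
# Bytes are compared as hex because $(...) strips trailing newlines,
# which would hide a newline that was encoded along with the key.
check_encoded() {
    case "$2" in
        *'
'*) return 1 ;;   # wrapped output: would break the secret value
    esac
    [ "$(printf '%s' "$2" | base64 -d | to_hex)" = "$(printf '%s' "$1" | to_hex)" ]
}

encoded=$(encode_key "$SAMPLE_KEY")
if check_encoded "$SAMPLE_KEY" "$encoded"; then
    printf 'ok: %s\n' "$encoded"
else
    printf 'encoded value does not match the key\n' >&2
fi
```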