[Platformone] [Non-DoD Source] Re: EXT :Re: OpenShift Questions
ABODUNRIN, ADEMOLA A GG-12 USAF AFMC AFLCMC/HNCP
ademola.abodunrin at us.af.mil
Tue Dec 3 18:43:10 UTC 2019
Good afternoon All,
Please assist us with the problem below. The team has logged a ticket in the GitLab as well.
Most Sincerely,
Ade Abodunrin, GG-12, USAF
Product Owner (Cybertron & Ginyu Force), Unified Platform
[cid:image001.png at 01D4F814.4AA552D0]
LevelUP Code Works
Commercial: (210) 890-2113
NIPR email: ademola.abodunrin at us.af.mil
________________________________
From: ABODUNRIN, ADEMOLA A GG-12 USAF AFMC AFLCMC/HNCP
Sent: Friday, November 22, 2019 1:50 PM
To: Mike Knoth <mike.knoth at g2-inc.com>; Kendall, Russell C <Russell.Kendall at mantech.com>; Walter Steins <walter.steins at bylight.com>; Blade, Eric D [US] (MS) <Eric.Blade at ngc.com>
Cc: McKay, Brent [US] (MS) (Contr) <Brent.McKay at ngc.com>; Marc Cooper <marc.cooper at g2-inc.com>
Subject: RE: [Non-DoD Source] Re: EXT :Re: OpenShift Questions
Good afternoon Walter/Eric,
Please who is able to assist us with Mike’s concern below?
Thanks for your help!
Most Sincerely,
Ade Abodunrin, GG-12, USAF
Acquisition Program Manager
[cid:image001.png at 01D4F814.4AA552D0]
LevelUP Code Works
Commercial: (210) 890-2113
NIPR email: ademola.abodunrin at us.af.mil<mailto:ademola.abodunrin at us.af.mil>
From: Mike Knoth <mike.knoth at g2-inc.com>
Sent: Wednesday, November 20, 2019 10:22 AM
To: Kendall, Russell C <Russell.Kendall at mantech.com>
Cc: Walter Steins <walter.steins at bylight.com>; Blade, Eric D [US] (MS) <Eric.Blade at ngc.com>; McKay, Brent [US] (MS) (Contr) <Brent.McKay at ngc.com>; ABODUNRIN, ADEMOLA A GG-12 USAF AFMC AFLCMC/HNCP <ademola.abodunrin at us.af.mil>; Marc Cooper <marc.cooper at g2-inc.com>
Subject: [Non-DoD Source] Re: EXT :Re: OpenShift Questions
Thanks I got a lot closer now, with some components being deployed. I'm getting some errors unique to this Openshift though. The below is something I have in my YAML file, for several of the components.
securityContext:
fsGroup: 11111
runAsUser: 11111
With the "runAsUser", Openshift would say:
Error creating: pods "openam-1-" is forbidden: unable to validate against any security context constraint: [fsGroup: Invalid value: []int64{11111}: 11111 is not an allowed group spec.initContainers[0].securityContext.securityContext.runAsUser: Invalid value: 11111: must be in the ranges: [1000910000, 1000919999]
I fixed that by making the "runAsUser" 1000911111 instead, though I'm not sure what affects that will have once everything is running.
And then for the group, it says:
Error creating: pods "openig-1-" is forbidden: unable to validate against any security context constraint: [fsGroup: Invalid value: []int64{11111}: 11111 is not an allowed group]
I tried changing this "fsGroup" to 1000911111 but that also fails. So I'm not sure what to put in this value.
Do you know how you can make your policy less restrictive, or how I could make the policy less restrictive, to fix the above?
On Tue, Nov 19, 2019 at 2:35 PM Kendall, Russell C <Russell.Kendall at mantech.com<mailto:Russell.Kendall at mantech.com>> wrote:
Mike,
Here's the URL for the registry:
https://docker-registry-default.apps.cluster.unified-platform.io <https://docker-registry-default.apps.cluster.unified-platform.io/>
I'm not sure how you deploy your pipeline and apps, but our Ansible scripts take care of creating the namespaces (projects) for us. For example, you may deploy your projects stored locally via oc new-app /path/to/project
There are a number of existing projects, you just don't have visibility. Mr. Steins is responsible for assigning roles and is figuring out group memberships that will allow you to control access to your projects by groups instead of by individual. In the meantime you'll need to add each user to each project.
V/R,
Russell C Kendall
________________________________
From: Mike Knoth <mike.knoth at g2-inc.com<mailto:mike.knoth at g2-inc.com>>
Sent: Tuesday, November 19, 2019 12:35 PM
To: Walter Steins
Cc: Blade, Eric D [US] (MS); McKay, Brent [US] (MS) (Contr); Kendall, Russell C
Subject: Re: EXT :Re: OpenShift Questions
Yes I'm logged on openshift right now. And I'm logged on the OC console. But I'm a bit stuck until I can figure out how to docker login, as something like this does not work:
docker login -u $(oc whoami) -p $(oc whoami -t) docker-registry-default.unified-platform.io<http://docker-registry-default.unified-platform.io>
And I'm also stuck until this can show my project which I can deploy to:
UrsaMajor:up mike.knoth$ oc projects
You have one project on this server: "dsop-images".
On Tue, Nov 19, 2019 at 1:33 PM Walter Steins <walter.steins at bylight.com<mailto:walter.steins at bylight.com>> wrote:
Eric,
All of the requested accounts were created.
[cid:image001.jpg at 01D5791E.F20F5AD0]
Walter “Wally” Steins
Cloud Engineer
m: 210.383.9227 | walter.steins at bylight.com<mailto:walter.steins at bylight.com>
By Light Professional IT Services LLC
8484 Westpark Drive Suite 600 McLean VA 22102
f: 703.778.7835 | www.bylight.com<http://www.bylight.com/>
From: Blade, Eric D [US] (MS) <Eric.Blade at ngc.com<mailto:Eric.Blade at ngc.com>>
Sent: Tuesday, November 19, 2019 12:32 PM
To: 'Mike Knoth' <mike.knoth at g2-inc.com<mailto:mike.knoth at g2-inc.com>>; McKay, Brent [US] (MS) (Contr) <Brent.McKay at ngc.com<mailto:Brent.McKay at ngc.com>>
Cc: Kendall, Russell C <Russell.Kendall at mantech.com<mailto:Russell.Kendall at mantech.com>>; Walter Steins <walter.steins at bylight.com<mailto:walter.steins at bylight.com>>
Subject: RE: EXT :Re: OpenShift Questions
[EXTERNAL EMAIL]
Mike,
This is deployed as a “production cluster”, so there is no development capabilities. Just an OpenShift environment for running the apps.
You will need to get your Openshift account created if it was not done so already. Wally Stein (CC’d) can do that for you. After that my knowledge runs thin. Russell was able to get their app deployed via the OpenShift console.
Thanks
Eric
From: Mike Knoth <mike.knoth at g2-inc.com<mailto:mike.knoth at g2-inc.com>>
Sent: Tuesday, November 19, 2019 1:27 PM
To: McKay, Brent [US] (MS) (Contr) <Brent.McKay at ngc.com<mailto:Brent.McKay at ngc.com>>
Cc: Kendall, Russell C <Russell.Kendall at mantech.com<mailto:Russell.Kendall at mantech.com>>; Blade, Eric D [US] (MS) <Eric.Blade at ngc.com<mailto:Eric.Blade at ngc.com>>
Subject: EXT :Re: OpenShift Questions
Russell/Eric,
Hi - do either of you know how I can login to docker from my local macbook? (to the openshift on https://cluster.unified-platform.io/)
I was going to use the "bastion" box (52.222.26.122) to do development on, but that doesn't even have git on it. So I guess I have to use my macbook.
Also do you know who can create new openshift projects for me on https://cluster.unified-platform.io/?
On Tue, Nov 19, 2019 at 1:23 PM McKay, Brent [US] (MS) (Contr) <Brent.McKay at ngc.com<mailto:Brent.McKay at ngc.com>> wrote:
Russell/Eric,
Mike Knoth(cc’d) approached me regarding the OpenShift deployment I understand the two of you stood up last week while at SpaceCAMP. I believe he was instructed to deploy DAS on said cluster. I wanted to get him in contact with the two of you so he can get his questions to the individuals in the know. Thanks,
Brent
--
Mike Knoth
Software Engineer
HII Mission Driven Innovative Solutions (HII-MDIS) – formerly G2, Inc.
Technical Solutions Division
[https://lh6.googleusercontent.com/JthxIRRs8H68c8eZoIPzuaQByK3jEdbuNj59yB9juKJ8PLnRr8ZDwXL4mzmYmA-IYpuwjak8UIeh6PR58XzU9TCCwHjQqGZC5-Lw2AN8OYXHyzxIlgfTNwDu-ADOz8wCza_qi2a5]
302 Sentinel Drive | Annapolis Junction, MD 20701
Email: mike.knoth at g2-inc.com<mailto:mike.knoth at g2-inc.com>
Mobile: (320) 305-6453
Confidentiality Statement:
HUNTINGTON INGALLS INDUSTRIES PROPRIETARY – This e-mail contains information proprietary or private to Huntington Ingalls Industries, Inc., and is not to be disclosed to, copied by, or used in any manner by others without the prior express, written permission. If you are not the intended recipient, please delete without copying and kindly advise the sender by e-mail of the mistake in delivery.
This communication (including any attachments) may contain information that is proprietary, confidential or exempt from disclosure. If you are not the intended recipient, please note that further dissemination, distribution, use or copying of this communication is strictly prohibited. Anyone who received this message in error should notify the sender immediately by telephone or by return email and delete it from his or her computer.
--
Mike Knoth
Software Engineer
HII Mission Driven Innovative Solutions (HII-MDIS) – formerly G2, Inc.
Technical Solutions Division
[https://lh6.googleusercontent.com/JthxIRRs8H68c8eZoIPzuaQByK3jEdbuNj59yB9juKJ8PLnRr8ZDwXL4mzmYmA-IYpuwjak8UIeh6PR58XzU9TCCwHjQqGZC5-Lw2AN8OYXHyzxIlgfTNwDu-ADOz8wCza_qi2a5]
302 Sentinel Drive | Annapolis Junction, MD 20701
Email: mike.knoth at g2-inc.com<mailto:mike.knoth at g2-inc.com>
Mobile: (320) 305-6453
Confidentiality Statement:
HUNTINGTON INGALLS INDUSTRIES PROPRIETARY – This e-mail contains information proprietary or private to Huntington Ingalls Industries, Inc., and is not to be disclosed to, copied by, or used in any manner by others without the prior express, written permission. If you are not the intended recipient, please delete without copying and kindly advise the sender by e-mail of the mistake in delivery.
________________________________
This e-mail and any attachments are intended only for the use of the addressee(s) named herein and may contain proprietary information. If you are not the intended recipient of this e-mail or believe that you received this email in error, please take immediate action to notify the sender of the apparent error by reply e-mail; permanently delete the e-mail and any attachments from your computer; and do not disseminate, distribute, use, or copy this message and any attachments.
--
Mike Knoth
Software Engineer
HII Mission Driven Innovative Solutions (HII-MDIS) – formerly G2, Inc.
Technical Solutions Division
[https://lh6.googleusercontent.com/JthxIRRs8H68c8eZoIPzuaQByK3jEdbuNj59yB9juKJ8PLnRr8ZDwXL4mzmYmA-IYpuwjak8UIeh6PR58XzU9TCCwHjQqGZC5-Lw2AN8OYXHyzxIlgfTNwDu-ADOz8wCza_qi2a5]
302 Sentinel Drive | Annapolis Junction, MD 20701
Email: mike.knoth at g2-inc.com<mailto:mike.knoth at g2-inc.com>
Mobile: (320) 305-6453
Confidentiality Statement:
HUNTINGTON INGALLS INDUSTRIES PROPRIETARY – This e-mail contains information proprietary or private to Huntington Ingalls Industries, Inc., and is not to be disclosed to, copied by, or used in any manner by others without the prior express, written permission. If you are not the intended recipient, please delete without copying and kindly advise the sender by e-mail of the mistake in delivery.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/platformone/attachments/20191203/82ae7c6f/attachment.htm>
More information about the platformONE
mailing list