[Platformone] [Non-DoD Source] Re: EXT :Re: OpenShift Questions

ABODUNRIN, ADEMOLA A GG-12 USAF AFMC AFLCMC/HNCP ademola.abodunrin at us.af.mil
Tue Dec 3 18:43:10 UTC 2019 

Good afternoon All,


Please assist us with the problem below. The team has logged a ticket in the GitLab as well.



Most Sincerely,


Ade Abodunrin, GG-12, USAF

Product Owner (Cybertron & Ginyu Force), Unified Platform


[cid:image001.png at 01D4F814.4AA552D0]

LevelUP Code Works

Commercial:  (210) 890-2113

NIPR email: ademola.abodunrin at us.af.mil




________________________________
From: ABODUNRIN, ADEMOLA A GG-12 USAF AFMC AFLCMC/HNCP
Sent: Friday, November 22, 2019 1:50 PM
To: Mike Knoth <mike.knoth at g2-inc.com>; Kendall, Russell C <Russell.Kendall at mantech.com>; Walter Steins <walter.steins at bylight.com>; Blade, Eric D [US] (MS) <Eric.Blade at ngc.com>
Cc: McKay, Brent [US] (MS) (Contr) <Brent.McKay at ngc.com>; Marc Cooper <marc.cooper at g2-inc.com>
Subject: RE: [Non-DoD Source] Re: EXT :Re: OpenShift Questions


Good afternoon Walter/Eric,



Please who is able to assist us with Mike’s concern below?



Thanks for your help!



Most Sincerely,



Ade Abodunrin, GG-12, USAF

Acquisition Program Manager



[cid:image001.png at 01D4F814.4AA552D0]

LevelUP Code Works



Commercial: (210) 890-2113

NIPR email: ademola.abodunrin at us.af.mil<mailto:ademola.abodunrin at us.af.mil>



From: Mike Knoth <mike.knoth at g2-inc.com>
Sent: Wednesday, November 20, 2019 10:22 AM
To: Kendall, Russell C <Russell.Kendall at mantech.com>
Cc: Walter Steins <walter.steins at bylight.com>; Blade, Eric D [US] (MS) <Eric.Blade at ngc.com>; McKay, Brent [US] (MS) (Contr) <Brent.McKay at ngc.com>; ABODUNRIN, ADEMOLA A GG-12 USAF AFMC AFLCMC/HNCP <ademola.abodunrin at us.af.mil>; Marc Cooper <marc.cooper at g2-inc.com>
Subject: [Non-DoD Source] Re: EXT :Re: OpenShift Questions



Thanks I got a lot closer now, with some components being deployed. I'm getting some errors unique to this Openshift though. The below is something I have in my YAML file, for several of the components.



        securityContext:
          fsGroup: 11111
          runAsUser: 11111



With the "runAsUser", Openshift would say:

Error creating: pods "openam-1-" is forbidden: unable to validate against any security context constraint: [fsGroup: Invalid value: []int64{11111}: 11111 is not an allowed group spec.initContainers[0].securityContext.securityContext.runAsUser: Invalid value: 11111: must be in the ranges: [1000910000, 1000919999]



I fixed that by making the "runAsUser" 1000911111 instead, though I'm not sure what affects that will have once everything is running.



And then for the group, it says:

Error creating: pods "openig-1-" is forbidden: unable to validate against any security context constraint: [fsGroup: Invalid value: []int64{11111}: 11111 is not an allowed group]




I tried changing this "fsGroup" to 1000911111 but that also fails. So I'm not sure what to put in this value.



Do you know how you can make your policy less restrictive, or how I could make the policy less restrictive, to fix the above?













On Tue, Nov 19, 2019 at 2:35 PM Kendall, Russell C <Russell.Kendall at mantech.com<mailto:Russell.Kendall at mantech.com>> wrote:

Mike,

Here's the URL for the registry:

 https://docker-registry-default.apps.cluster.unified-platform.io  <https://docker-registry-default.apps.cluster.unified-platform.io/>



I'm not sure how you deploy your pipeline and apps, but our Ansible scripts take care of creating the namespaces (projects) for us. For example, you may deploy your projects stored locally via oc new-app /path/to/project



There are a number of existing projects, you just don't have visibility. Mr. Steins is responsible for assigning roles and is figuring out group memberships that will allow you to control access to your projects by groups instead of by individual. In the meantime you'll need to add each user to each project.



V/R,

Russell C Kendall

________________________________

From: Mike Knoth <mike.knoth at g2-inc.com<mailto:mike.knoth at g2-inc.com>>
Sent: Tuesday, November 19, 2019 12:35 PM
To: Walter Steins
Cc: Blade, Eric D [US] (MS); McKay, Brent [US] (MS) (Contr); Kendall, Russell C
Subject: Re: EXT :Re: OpenShift Questions



Yes I'm logged on openshift right now. And I'm logged on the OC console. But I'm a bit stuck until I can figure out how to docker login, as something like this does not work:



docker login -u $(oc whoami) -p $(oc whoami -t) docker-registry-default.unified-platform.io<http://docker-registry-default.unified-platform.io>





And I'm also stuck until this can show my project which I can deploy to:



UrsaMajor:up mike.knoth$ oc projects
You have one project on this server: "dsop-images".







On Tue, Nov 19, 2019 at 1:33 PM Walter Steins <walter.steins at bylight.com<mailto:walter.steins at bylight.com>> wrote:

Eric,



All of the requested accounts were created.





[cid:image001.jpg at 01D5791E.F20F5AD0]


Walter “Wally” Steins

Cloud Engineer

m: 210.383.9227 | walter.steins at bylight.com<mailto:walter.steins at bylight.com>

By Light Professional IT Services LLC
8484 Westpark Drive Suite 600 McLean VA 22102
f: 703.778.7835 | www.bylight.com<http://www.bylight.com/>








From: Blade, Eric D [US] (MS) <Eric.Blade at ngc.com<mailto:Eric.Blade at ngc.com>>
Sent: Tuesday, November 19, 2019 12:32 PM
To: 'Mike Knoth' <mike.knoth at g2-inc.com<mailto:mike.knoth at g2-inc.com>>; McKay, Brent [US] (MS) (Contr) <Brent.McKay at ngc.com<mailto:Brent.McKay at ngc.com>>
Cc: Kendall, Russell C <Russell.Kendall at mantech.com<mailto:Russell.Kendall at mantech.com>>; Walter Steins <walter.steins at bylight.com<mailto:walter.steins at bylight.com>>
Subject: RE: EXT :Re: OpenShift Questions



[EXTERNAL EMAIL]

Mike,

  This is deployed as a “production cluster”, so there is no development capabilities.  Just an OpenShift environment for running the apps.



You will need to get your Openshift account created if it was not done so already.  Wally Stein (CC’d) can do that for you.  After that my knowledge runs thin.   Russell was able to get their app deployed via the OpenShift console.



Thanks



Eric





From: Mike Knoth <mike.knoth at g2-inc.com<mailto:mike.knoth at g2-inc.com>>
Sent: Tuesday, November 19, 2019 1:27 PM
To: McKay, Brent [US] (MS) (Contr) <Brent.McKay at ngc.com<mailto:Brent.McKay at ngc.com>>
Cc: Kendall, Russell C <Russell.Kendall at mantech.com<mailto:Russell.Kendall at mantech.com>>; Blade, Eric D [US] (MS) <Eric.Blade at ngc.com<mailto:Eric.Blade at ngc.com>>
Subject: EXT :Re: OpenShift Questions



Russell/Eric,



Hi - do either of you know how I can login to docker from my local macbook? (to the openshift on https://cluster.unified-platform.io/)



I was going to use the "bastion" box (52.222.26.122) to do development on, but that doesn't even have git on it. So I guess I have to use my macbook.



Also do you know who can create new openshift projects for me on https://cluster.unified-platform.io/?



On Tue, Nov 19, 2019 at 1:23 PM McKay, Brent [US] (MS) (Contr) <Brent.McKay at ngc.com<mailto:Brent.McKay at ngc.com>> wrote:

Russell/Eric,



Mike Knoth(cc’d) approached me regarding the OpenShift deployment I understand the two of you stood up last week while at SpaceCAMP. I believe he was instructed to deploy DAS on said cluster. I wanted to get him in contact with the two of you so he can get his questions to the individuals in the know. Thanks,



Brent




--

Mike Knoth

Software Engineer

HII Mission Driven Innovative Solutions (HII-MDIS) – formerly G2, Inc.

Technical Solutions Division

[https://lh6.googleusercontent.com/JthxIRRs8H68c8eZoIPzuaQByK3jEdbuNj59yB9juKJ8PLnRr8ZDwXL4mzmYmA-IYpuwjak8UIeh6PR58XzU9TCCwHjQqGZC5-Lw2AN8OYXHyzxIlgfTNwDu-ADOz8wCza_qi2a5]

302 Sentinel Drive | Annapolis Junction, MD 20701

Email: mike.knoth at g2-inc.com<mailto:mike.knoth at g2-inc.com>

Mobile: (320) 305-6453



Confidentiality Statement:

HUNTINGTON INGALLS INDUSTRIES PROPRIETARY – This e-mail contains information proprietary or private to Huntington Ingalls Industries, Inc., and is not to be disclosed to, copied by, or used in any manner by others without the prior express, written permission. If you are not the intended recipient, please delete without copying and kindly advise the sender by e-mail of the mistake in delivery.

This communication (including any attachments) may contain information that is proprietary, confidential or exempt from disclosure. If you are not the intended recipient, please note that further dissemination, distribution, use or copying of this communication is strictly prohibited. Anyone who received this message in error should notify the sender immediately by telephone or by return email and delete it from his or her computer.





--

Mike Knoth

Software Engineer

HII Mission Driven Innovative Solutions (HII-MDIS) – formerly G2, Inc.

Technical Solutions Division

[https://lh6.googleusercontent.com/JthxIRRs8H68c8eZoIPzuaQByK3jEdbuNj59yB9juKJ8PLnRr8ZDwXL4mzmYmA-IYpuwjak8UIeh6PR58XzU9TCCwHjQqGZC5-Lw2AN8OYXHyzxIlgfTNwDu-ADOz8wCza_qi2a5]

302 Sentinel Drive | Annapolis Junction, MD 20701

Email: mike.knoth at g2-inc.com<mailto:mike.knoth at g2-inc.com>

Mobile: (320) 305-6453



Confidentiality Statement:

HUNTINGTON INGALLS INDUSTRIES PROPRIETARY – This e-mail contains information proprietary or private to Huntington Ingalls Industries, Inc., and is not to be disclosed to, copied by, or used in any manner by others without the prior express, written permission. If you are not the intended recipient, please delete without copying and kindly advise the sender by e-mail of the mistake in delivery.



________________________________

This e-mail and any attachments are intended only for the use of the addressee(s) named herein and may contain proprietary information. If you are not the intended recipient of this e-mail or believe that you received this email in error, please take immediate action to notify the sender of the apparent error by reply e-mail; permanently delete the e-mail and any attachments from your computer; and do not disseminate, distribute, use, or copy this message and any attachments.




--

Mike Knoth

Software Engineer

HII Mission Driven Innovative Solutions (HII-MDIS) – formerly G2, Inc.

Technical Solutions Division

[https://lh6.googleusercontent.com/JthxIRRs8H68c8eZoIPzuaQByK3jEdbuNj59yB9juKJ8PLnRr8ZDwXL4mzmYmA-IYpuwjak8UIeh6PR58XzU9TCCwHjQqGZC5-Lw2AN8OYXHyzxIlgfTNwDu-ADOz8wCza_qi2a5]

302 Sentinel Drive | Annapolis Junction, MD 20701

Email: mike.knoth at g2-inc.com<mailto:mike.knoth at g2-inc.com>

Mobile: (320) 305-6453



Confidentiality Statement:

HUNTINGTON INGALLS INDUSTRIES PROPRIETARY – This e-mail contains information proprietary or private to Huntington Ingalls Industries, Inc., and is not to be disclosed to, copied by, or used in any manner by others without the prior express, written permission. If you are not the intended recipient, please delete without copying and kindly advise the sender by e-mail of the mistake in delivery.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/platformone/attachments/20191203/82ae7c6f/attachment.htm>

More information about the platformONE mailing list