K
Q

openshift add service account to deployed app

9/9/2020

I'm trying to add a service account to a deployed application but so far I keep getting the "application not available message" I did the following

created service account

oc create sa name-sa
oc add policy add-scc-to-user anyuid -z name-sa -n book

add service account to deployed app

oc set serviceacccount deploymentconfig wordapp name-sa

I check the pods and the application is running but I still not able to see any output from the route and the oc desribe pod command doesn't give any errors

-- alpha
kubernetes
openshift
service-accounts

Similar Questions

How to config https for service which deploy by helm
How to setup auto scale Kubernetes cluster in hybrid mode
How to manage Ingress which routes to different helm subcharts?
GKE Ingress Fails to Route Multiple Paths Under One Host
Kubernetes Ingress SSL certificate problem

1 Answer

9/12/2020

I'm not sure that ServiceAccount's permission causes on this matter. I think first you should check out the relationship of the access flow through Route -> Service -> Pod, and verify your application work well using curl command. I show you the troubleshooting steps as follows.

  1. Check your Route what Service is bound with it. In this case, docker-registry Service is associated with the Route.
$ oc describe route <your routename>
:
Service:	docker-registry
Weight:		100 (100%)
Endpoints:	10.128.1.94:5000   <--- You can check if this IP is matched with your application pod IP.
  1. Then check the Service whether it can detect Endpoint pods correctly.
$ oc describe svc docker-registry
:
Port:              5000-tcp  5000/TCP
TargetPort:        5000/TCP
Endpoints:         10.128.1.94:5000   <--- You can check if this IP is matched with your application pod IP.
  1. Verify the accessibility for the application on the pod using curl
$ oc rsh <your pod name> curl -vs http://localhost:5000/
:
< HTTP/1.1 200 OK   <--- You check if you can get expected response of your application on the pod.
  1. Additionally, you can also check your pod are running with setting SCC permission and ServiceAccount.
4 oc get pod <your podname> -o yaml | grep -E 'scc|serviceAccountName'
    openshift.io/scc: anyuid
  serviceAccountName: name-sa
-- Daein Park
Source: StackOverflow