openshift add service account to deployed app

9/9/2020

I'm trying to add a service account to a deployed application, but so far I keep getting the "application not available" message. I did the following:

created service account

oc create sa name-sa
oc adm policy add-scc-to-user anyuid -z name-sa -n book

add service account to deployed app

oc set serviceaccount deploymentconfig wordapp name-sa

I checked the pods and the application is running, but I'm still not able to see any output from the route, and the oc describe pod command doesn't give any errors.

-- alpha
kubernetes
openshift
service-accounts

1 Answer

9/12/2020

I'm not sure that the ServiceAccount's permissions are the cause of this issue. I think you should first check the access flow through Route -> Service -> Pod, and verify that your application works well using the curl command. The troubleshooting steps are as follows.

  1. Check which Service is bound to your Route. In this case, the docker-registry Service is associated with the Route.
$ oc describe route <your routename>
:
Service:	docker-registry
Weight:		100 (100%)
Endpoints:	10.128.1.94:5000   <--- Check whether this IP matches your application pod IP.
  2. Then check whether the Service detects the Endpoint pods correctly.
$ oc describe svc docker-registry
:
Port:              5000-tcp  5000/TCP
TargetPort:        5000/TCP
Endpoints:         10.128.1.94:5000   <--- Check whether this IP matches your application pod IP.
  3. Verify that the application on the pod is accessible using curl.
$ oc rsh <your pod name> curl -vs http://localhost:5000/
:
< HTTP/1.1 200 OK   <--- Check whether you get the expected response from your application on the pod.
  4. Additionally, you can check that your pod is running with the SCC permission and ServiceAccount you set.
$ oc get pod <your podname> -o yaml | grep -E 'scc|serviceAccountName'
    openshift.io/scc: anyuid
  serviceAccountName: name-sa
-- Daein Park
Source: StackOverflow
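
The Route -> Service -> Pod comparison from the answer above can be scripted. This is an added example, not part of the original answer: the `field` and `check_chain` helpers are hypothetical names, and the describe output, the `wordapp` Service name and the IPs are constructed samples modelled on the answer's excerpts.

```shell
#!/bin/sh
# Added example: cross-check Route -> Service -> Pod using `oc describe` text.
# Against a live cluster (R, S, P are your route, service and pod names):
#   check_chain "$(oc describe route R)" "$(oc describe svc S)" S \
#       "$(oc get pod P -o jsonpath='{.status.podIP}')"

# Print the first value of a "Key:   value" line read from stdin.
field() {
    awk -v k="$1:" '$1 == k { print $2; exit }'
}

# usage: check_chain ROUTE_DESC SVC_DESC SVC_NAME POD_IP
# Prints a verdict; the exit code names the first broken hop (0 = chain intact).
check_chain() {
    route_svc=$(printf '%s\n' "$1" | field Service)
    svc_eps=$(printf '%s\n' "$2" | field Endpoints)
    # Hop 1: the Route must point at the Service being inspected.
    if [ "$route_svc" != "$3" ]; then
        echo "route-targets-other-service:$route_svc"; return 1
    fi
    # Hop 2: "<none>" means the Service selector matches no ready pod.
    if [ -z "$svc_eps" ] || [ "$svc_eps" = "<none>" ]; then
        echo "service-has-no-endpoints"; return 2
    fi
    # Hop 3: the pod IP must be one of the comma-separated ip:port endpoints.
    # The trailing ":" stops 10.128.1.9 from matching 10.128.1.94.
    case ",$svc_eps," in
        *",$4:"*) echo "ok"; return 0 ;;
    esac
    echo "pod-not-in-endpoints:$svc_eps"; return 3
}

# Constructed sample output (not captured from a real cluster).
ROUTE_DESC='Name:      wordapp
Service:   wordapp
Weight:    100 (100%)
Endpoints: 10.128.1.94:5000'
SVC_DESC='Name:       wordapp
Port:       5000-tcp  5000/TCP
TargetPort: 5000/TCP
Endpoints:  10.128.1.94:5000'

check_chain "$ROUTE_DESC" "$SVC_DESC" wordapp 10.128.1.94
```

If all three hops pass and the route still shows the "application not available" page, the curl check inside the pod from step 3 is the next thing to run.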