Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1364565 - [DOCS] Running a pod with a different service account
Summary: [DOCS] Running a pod with a different service account
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 3.2.0
Hardware: Unspecified
OS: Unspecified
high
low
Target Milestone: ---
: ---
Assignee: Timothy
QA Contact: zhou ying
Vikram Goyal
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-05 17:57 UTC by Frederic Giloux
Modified: 2016-11-08 06:29 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-09-08 01:50:13 UTC


Attachments (Terms of Use)

Description Frederic Giloux 2016-08-05 17:57:02 UTC
Document URL: 
https://docs.openshift.com/enterprise/3.2/dev_guide/deployments.html

Section Number and Name: 
Creating a Deployment Configuration

Describe the issue: 
I haven't been able to find in our documentation how you can run a pod with a specific service account (not default). It is pretty straightforward as one just needs to add the following lines at the same level as the securityContext (this is done for instance in the deployment configuration for the registry):
serviceAccount: registry
serviceAccountName: registry


Suggestions for improvement:
Add a few lines in the documentation.

Additional information:

Comment 1 Timothy 2016-08-19 02:10:06 UTC
Updated dev guide -> deployments with info on how to run a pod with a different service account, as described in this BZ.

Frederic, can you review my updates please? I made a new section here:

http://file.bne.redhat.com/tpoitras/2016/runpod/openshift-enterprise/run-pod-diff-svc-acc-BZ1364565/dev_guide/deployments.html#running-a-pod-with-a-different-service-account

Can you also please confirm this would apply to enterprise-3.2, dedicated-3.2, and online?

Doc updates submitted as pull request: https://github.com/openshift/openshift-docs/pull/2687

Comment 2 Frederic Giloux 2016-08-19 04:35:37 UTC
Hi Timothy,

it looks good to me.

Thanks,

Frédéric

Comment 3 Timothy 2016-08-19 04:45:02 UTC
QA: zhou ying 

Please verify that this works, thank you:

http://file.bne.redhat.com/tpoitras/2016/runpod/openshift-enterprise/run-pod-diff-svc-acc-BZ1364565/dev_guide/deployments.html#running-a-pod-with-a-different-service-account

Can you also please confirm this would apply to enterprise-3.2, dedicated-3.2, and online?

Comment 4 zhou ying 2016-08-19 08:26:59 UTC
Confirmed on dedicated-3.2, enterprise-3.3 and online-3.2, this works well, will also verify on enterprise-3.2 when we have resource to build 3.2 env.

Comment 5 zhou ying 2016-08-19 08:28:42 UTC
[zhouy@zhouy Documents]$ oc get po hello-openshift-1-d630g -o yaml
apiVersion: v1
kind: Pod

  serviceAccount: builder
  serviceAccountName: builder
  terminationGracePeriodSeconds: 30
  volumes:
  - name: builder-token-ml423
    secret:
      secretName: builder-token-ml423

[zhouy@zhouy Documents]$ oc get po
NAME                      READY     STATUS    RESTARTS   AGE
hello-openshift-1-d630g   1/1       Running   0          <invalid>

Comment 6 Timothy 2016-08-22 02:41:23 UTC
attn: zhou ying

When will you have the necessary resources to build a 3.2 environment? I just don't want this BZ to stagnate.

Thanks,

Timothy.

Comment 7 zhou ying 2016-08-22 08:24:37 UTC
OCP3.2 works well, will confirmed .

Comment 8 Timothy 2016-08-23 00:52:20 UTC
Moving along to peer review

Comment 9 Timothy 2016-08-29 06:25:46 UTC
made changes based on peer review, merging:

https://github.com/openshift/openshift-docs/pull/2687


Note You need to log in before you can comment on or make changes to this bug.