BlitzinBuffalo
7/13/2018 - 10:13 PM

openshift bible

OpenShift Commands

NOTE: Use more than 8 GB of RAM to enable logging.

To begin, first create a project for petra

$ oc login -u system:admin -n <username>

Allow containers to run as root, relaxing permissions

$ oc adm policy add-scc-to-user anyuid -z default

$ oc adm policy add-scc-to-user hostmount-anyuid -z default

$ oc adm policy add-scc-to-user hostaccess -z default

petra params

$ oc adm policy add-scc-to-user anyuid -z petra -n petra

$ oc adm policy add-scc-to-user hostmount-anyuid -z petra -n petra

$ oc adm policy add-scc-to-user hostaccess -z petra -n petra

$ oc adm policy add-scc-to-user privileged -z petra -n petra

Modify your cluster so that it does not pre-allocate UIDs, allows containers to run as any user, prevents privileged containers, and allows host path volumes:

$ oc edit scc restricted

Change runAsUser.Type to RunAsAny.

Ensure allowPrivilegedContainer is set to false.

Set allowHostDirVolumePlugin to true.

Save the changes.

Import image

$ oc import-image <image_stream_name>[:<tag>] --from=<docker_image_repo> --confirm

$ oc import-image pdf-renderer:latest --confirm --from=registry.gitlab.com/beardedone/pdf-renderer:latest

To update the image streams, just use oc import-image <NAME OF STREAM>

Other Stuff

Allow user (petra) to run privileged containers

$ oc adm policy add-scc-to-user privileged petra

Relax Security Restrictions

$ oc adm policy add-scc-to-user anyuid -z default

$ oc adm policy add-scc-to-user anyuid -z petra -n petra

$ oc adm policy add-scc-to-user hostmount-anyuid -z petra -n petra

$ oc adm policy add-scc-to-user hostaccess -z petra -n petra

$ oc adm policy add-scc-to-user privileged -z petra -n petra

Allow images to run as root if no user is specified

$ oc adm policy add-scc-to-group anyuid system:authenticated

$ oc adm policy add-scc-to-group hostmount-anyuid system:authenticated

$ oc adm policy add-scc-to-group hostaccess system:authenticated
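
To see what the grants above leave behind, the following added example (not part of the original notes) audits the output of `oc get scc -o json` for the broadest ones: relaxed SCCs bound to a whole group or to a `default` service account, and the edits made to `restricted`. It assumes an OpenShift 3.x cluster, where `add-scc-to-user` and `add-scc-to-group` write to each SCC's `users` and `groups` lists; the function name and the sample data are constructed for illustration.

```python
import json

# SCCs granted in these notes; each widens what a pod may do on the node.
RISKY_SCCS = {"anyuid", "hostmount-anyuid", "hostaccess", "privileged"}
# Groups that cover far more than one workload.
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated"}

def audit_sccs(scc_list_json):
    """Return sorted (scc, subject, reason) findings from `oc get scc -o json`."""
    findings = []
    for scc in json.loads(scc_list_json).get("items", []):
        name = scc["metadata"]["name"]
        if name in RISKY_SCCS:
            for group in scc.get("groups") or []:
                if group in BROAD_GROUPS:
                    findings.append((name, group, "granted to a whole group"))
            for user in scc.get("users") or []:
                parts = user.split(":")
                # Service accounts appear as system:serviceaccount:<namespace>:<name>.
                if parts[:2] == ["system", "serviceaccount"] and parts[-1] == "default":
                    findings.append((name, user, "used by any pod without its own service account"))
        if name == "restricted":
            # restricted is the fallback SCC, so edits to it reach every project.
            if (scc.get("runAsUser") or {}).get("type") == "RunAsAny":
                findings.append((name, "runAsUser", "any UID allowed, including root"))
            if scc.get("allowHostDirVolumePlugin"):
                findings.append((name, "allowHostDirVolumePlugin", "host paths mountable"))
            if scc.get("allowPrivilegedContainer"):
                findings.append((name, "allowPrivilegedContainer", "privileged pods allowed"))
    return sorted(findings)

# Constructed sample: roughly the state after running the commands in these notes.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "anyuid"},
     "users": ["system:serviceaccount:petra:default", "system:serviceaccount:petra:petra"],
     "groups": ["system:cluster-admins", "system:authenticated"]},
    {"metadata": {"name": "privileged"},
     "users": ["system:admin", "system:serviceaccount:petra:petra"],
     "groups": ["system:cluster-admins", "system:nodes"]},
    {"metadata": {"name": "restricted"}, "users": [], "groups": ["system:authenticated"],
     "runAsUser": {"type": "RunAsAny"}, "allowHostDirVolumePlugin": True,
     "allowPrivilegedContainer": False},
]})

if __name__ == "__main__":
    for scc, subject, reason in audit_sccs(SAMPLE):
        print(f"{scc:12} {subject:40} {reason}")
```

On a live cluster, feed it the real listing, for example by saving `oc get scc -o json` to a file and passing the file's contents to `audit_sccs`. Grants to a dedicated service account such as `petra` are not flagged, since they stay scoped to one workload.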

Restart services

$ master-restart api

$ master-restart controllers