istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

additional permission steps in openshift for running applications (#542)

This commit is contained in:
Chakradhar Rao Jonagam 2017-09-27 11:16:39 -05:00 committed by Shriram Rajagopalan
parent 9536e59bcc
commit cb2bc20a4c
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
_docs/setup/kubernetes/quick-start.md
View File

@ -48,12 +48,17 @@ If you wish to enable [transparent injection of sidecar]({{home}}/docs/setup/kub
* If you are using [Openshift Origin](https://www.openshift.org) version 3.7 or later,
Openshift by default does not allow containers running with UID 0. Enable containers running
with UID 0 for Istio's service accounts for ingress and egress:
```bash
oc adm policy add-scc-to-user anyuid -z istio-ingress-service-account -n istio-system
oc adm policy add-scc-to-user anyuid -z istio-egress-service-account -n istio-system
```
oc adm policy add-scc-to-user anyuid -z default -n istio-system
```
Service account that runs application pods need privileged security context constraints as part of sidecar injection.
```bash
oc adm policy add-scc-to-user privileged -z default -n <target-namespace>
```
* Install or upgrade the Kubernetes CLI
[kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) to
match the version supported by your cluster (version 1.7 or later for CRD