Bug 1322125 - [DOCS] Missing step in "RED HAT ENTERPRISE LINUX ATOMIC HOST 7 GETTING STARTED WITH CONTAINERS"
Summary: [DOCS] Missing step in "RED HAT ENTERPRISE LINUX ATOMIC HOST 7 GETTING STARTE...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: doc-RHEL-Atomic
Version: 7.2
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: Chris Negus
QA Contact: Vikram Goyal
Vikram Goyal
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-03-29 20:56 UTC by Michael Nguyen
Modified: 2019-03-06 01:20 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-06-10 01:11:12 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Michael Nguyen 2016-03-29 20:56:37 UTC 
In Section 2 of "RED HAT ENTERPRISE LINUX ATOMIC HOST 7 GETTING STARTED WITH CONTAINERS" (https://access.redhat.com/documentation/en/red-hat-enterprise-linux-atomic-host/version-7/getting-started-with-containers/#get_started_orchestrating_containers_with_kubernetes), there is a step that is missing that will cause an error in the replication controller when creating the "Simple Apache Web Server" and "Simple Database Server" containers.


If following the directions from the docs, the output of kubectl describe replicationcontroller/webserver-controller and kubectl describe replicationcontroller/db-controller will show an error creating the web and db pods (see output below).  

[cloud-user@rhah-0 manifests]$ kubectl describe replicationcontroller/webserver-controller
Name:		webserver-controller
Namespace:	default
Image(s):	webwithdb
Selector:	name=webserver
Labels:		name=webserver,uses=db
Replicas:	0 current / 1 desired
Pods Status:	0 Running / 0 Waiting / 0 Succeeded / 0 Failed
No volumes.
Events:
  FirstSeen	LastSeen	Count	From				SubobjectPath	Reason		Message
  ─────────	────────	─────	────				─────────────	──────		───────
  35m		18m		33	{replication-controller }			FailedCreate	Error creating: Pod "webserver-controller-" is forbidden: no API token found for service account default/default, retry after the token is automatically created and added to the service account
  17m		18s		35	{replication-controller }			FailedCreate	Error creating: Pod "webserver-controller-" is forbidden: no API token found for service account default/default, retry after the token is automatically created and added to the service account



To fix this, "ServiceAccount" must be removed from the KUBE_ADMISSION_CONTROL property in /etc/kubernetes/apiserver.

KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"


This step should be added in Section 2.3.2 before or after step 3.


System:
Red Hat Enterprise Linux Atomic Host release 7.2
Comment 2 Chris Negus 2016-06-09 03:57:48 UTC 
I added the command line options to the manifest file to make sure the "ServiceAccount" option was not used in the example. Then the document is published, it will appear here: https://access.redhat.com/documentation/en/red-hat-enterprise-linux-atomic-host/version-7/getting-started-with-containers/#get_started_orchestrating_containers_with_kubernetes
Comment 3 Vikram Goyal 2016-06-10 01:11:12 UTC 
Thanks Chris. This is now live and can be verified here [1].

Moving this to CLOSED-->CURRENTRELEASE.


[1] https://access.redhat.com/documentation/en/red-hat-enterprise-linux-atomic-host/version-7/getting-started-with-containers/#get_started_orchestrating_containers_with_kubernetes
Note You need to log in before you can comment on or make changes to this bug.