Permissions issues and image pull failures after 3.5 to 3.6 upgrade

Solution Unverified - Updated -

Issue

  • All nodes fail to pull images from the openshift project in the internal registry with:
Failed to pull image "172.30.217.14:5000/openshift/example@sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx": rpc error: code = 2 desc = unauthorized: authentication required
  • I created a unique namespace for each project and can now grant a user access to a particular project BUT now that user cannot use or create a new project
Error
Access denied
The project testing does not exist or you are not authorized to view it.
  • I moved each image from /openshift/projectname to /projectname/projectname and then assigned access to a new user:
# oadm policy add-role-to-user admin <username> -n <existingprojectname>
  • But user does not have access

  • After upgrade 3.5 to 3.6, roles seem broken and my users cannot do what they need

Environment

  • Red Hat OpenShift Container Platform
    • 3.6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.