kubernetes PodSecurityPolicy set to runAsNonRoot, container has runAsNonRoot and image has non-numeric user (appuser), cannot verify user is non-root

后端 未结 2 1900
旧巷少年郎
旧巷少年郎 2021-02-14 09:37

kubernetes PodSecurityPolicy set to runAsNonRoot, pods are not getting started post that Getting error Error: container has runAsNonRoot and image has non-numeric user (appuser)

2条回答
  •  小鲜肉
    小鲜肉 (楼主)
    2021-02-14 10:14

    Here is the implementation of the verification:

    case uid == nil && len(username) > 0:
        return fmt.Errorf("container has runAsNonRoot and image has non-numeric user (%s), cannot verify user is non-root", username)
    

    And here is the validation call with the comment:

    // Verify RunAsNonRoot. Non-root verification only supports numeric user.
    if err := verifyRunAsNonRoot(pod, container, uid, username); err != nil {
        return nil, cleanupAction, err
    }
    

    As you can see, the only reason of that messages in your case is uid == nil. Based on the comment in the source code, we need to set a numeric user value.

    So, for the user with UID=999 you can do it in your pod definition like that:

    securityContext:
        runAsUser: 999
    

提交回复
热议问题