kubernetes PodSecurityPolicy set to runAsNonRoot, container has runAsNonRoot and image has non-numeric user (appuser), cannot verify user is non-root

旧巷少年郎 2021-02-14 09:37

Kubernetes PodSecurityPolicy is set to runAsNonRoot, and pods are not getting started after that. Getting error: Error: container has runAsNonRoot and image has non-numeric user (appuser)

2 answers
  •  小鲜肉 (original poster)
    2021-02-14 10:14

    Here is the implementation of the verification:

    case uid == nil && len(username) > 0:
        return fmt.Errorf("container has runAsNonRoot and image has non-numeric user (%s), cannot verify user is non-root", username)
    

    And here is the validation call with the comment:

    // Verify RunAsNonRoot. Non-root verification only supports numeric user.
    if err := verifyRunAsNonRoot(pod, container, uid, username); err != nil {
        return nil, cleanupAction, err
    }
    

    As you can see, the only reason for that message in your case is uid == nil. Based on the comment in the source code, we need to set a numeric user value.

    So, for the user with UID=999 you can do it in your pod definition like this:

    securityContext:
        runAsUser: 999
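
The check quoted in the answer above, modelled as a stand-alone Go program. This is an added example, not the kubelet's own code and not part of the answer. `checkRunAsNonRoot` and `splitImageUser` are hypothetical names; treating an image with no USER as root and the wording of the two other error messages are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// splitImageUser models an image USER value: numeric gives a UID, anything
// else only a name. Assumption: an empty USER is treated as root (UID 0).
func splitImageUser(user string) (*int64, string) {
	name := strings.SplitN(user, ":", 2)[0] // drop an optional ":group"
	if name == "" {
		root := int64(0)
		return &root, ""
	}
	if n, err := strconv.ParseInt(name, 10, 64); err == nil {
		return &n, ""
	}
	return nil, name
}

// checkRunAsNonRoot: runAsUser is the securityContext value (nil if unset).
func checkRunAsNonRoot(runAsNonRoot bool, runAsUser *int64, imageUser string) error {
	if !runAsNonRoot {
		return nil
	}
	if runAsUser != nil { // an explicit numeric UID overrides the image USER
		if *runAsUser == 0 {
			return errors.New("runAsUser is 0, which breaks runAsNonRoot") // constructed wording
		}
		return nil
	}
	uid, username := splitImageUser(imageUser)
	switch {
	case uid != nil && *uid == 0:
		return errors.New("image will run as root") // constructed wording
	case uid == nil && len(username) > 0:
		return fmt.Errorf("container has runAsNonRoot and image has non-numeric user (%s), cannot verify user is non-root", username)
	}
	return nil
}

func main() {
	uid := int64(999)
	fmt.Println(checkRunAsNonRoot(true, nil, "appuser"))  // rejected: name only
	fmt.Println(checkRunAsNonRoot(true, &uid, "appuser")) // accepted: runAsUser: 999
}
```

In this model a numeric USER in the image (for example `999` or `999:999`) also passes without `runAsUser`, because the UID can then be compared against 0.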
    
