kubernetes PodSecurityPolicy set to runAsNonRoot, container has runAsNonRoot and image has non-numeric user (appuser), cannot verify user is non-root

Question

kubernetes PodSecurityPolicy set to runAsNonRoot, pods are not getting started post that Getting error Error: container has runAsNonRoot and image has non-numeric user (appuser)

Answer 1

This issue can be fixed using serviceAccounts & role-bindings. This approach is much lengthy but cleaner, especially in massive production clusters.

According to the documentation have mentioned in the following link, https://kubernetes.io/docs/concepts/policy/pod-security-policy/

The following steps will help you with the solution.

1. Create a service account

    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: test-sa
   

2. Attach the service account to the pod

    ---
    ...
    spec:
      serviceAccount: test-sa
    ...
   

3. Create ClusterRole

    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: privilated-role
    rules:
      - apiGroups:
        - policy
        resourceNames:
        - privileged
        resources:
        - podsecuritypolicies
        verbs:
        - use
   

4. Create the RoleBinding

     ---
     apiVersion: rbac.authorization.k8s.io/v1
     kind: RoleBinding
     metadata:
       name: privilated-role-binding
     roleRef:
       apiGroup: rbac.authorization.k8s.io
       kind: ClusterRole
       name: privilated-role
     subjects:
       - kind: ServiceAccount
         name: test-sa
   

**Important: please check the yaml spacing because during copy and paste. may differ.