kubernetes PodSecurityPolicy set to runAsNonRoot, container has runAsNonRoot and image has non-numeric user (appuser), cannot verify user is non-root

后端 未结 2 1897
旧巷少年郎
旧巷少年郎 2021-02-14 09:37

kubernetes PodSecurityPolicy set to runAsNonRoot, pods are not getting started post that Getting error Error: container has runAsNonRoot and image has non-numeric user (appuser)

2条回答
  •  不知归路
    2021-02-14 10:22

    This issue can be fixed using serviceAccounts & role-bindings. This approach is much lengthy but cleaner, especially in massive production clusters.

    According to the documentation have mentioned in the following link, https://kubernetes.io/docs/concepts/policy/pod-security-policy/

    The following steps will help you with the solution.

    1. Create a service account

       ---
       apiVersion: v1
       kind: ServiceAccount
       metadata:
         name: test-sa
      
    2. Attach the service account to the pod

       ---
       ...
       spec:
         serviceAccount: test-sa
       ...
      
    3. Create ClusterRole

       ---
       apiVersion: rbac.authorization.k8s.io/v1
       kind: ClusterRole
       metadata:
         name: privilated-role
       rules:
         - apiGroups:
           - policy
           resourceNames:
           - privileged
           resources:
           - podsecuritypolicies
           verbs:
           - use
      
    4. Create the RoleBinding

        ---
        apiVersion: rbac.authorization.k8s.io/v1
        kind: RoleBinding
        metadata:
          name: privilated-role-binding
        roleRef:
          apiGroup: rbac.authorization.k8s.io
          kind: ClusterRole
          name: privilated-role
        subjects:
          - kind: ServiceAccount
            name: test-sa
      

    **Important: please check the yaml spacing because during copy and paste. may differ.

提交回复
热议问题