Kubernetes runAsNonRoot failing: CreateContainerConfigError

12/27/2018

I have added a security context in my pod which looks as follows:

spec:
  securityContext:
    runAsNonRoot: true

While running the pod I am getting the following error message (kubectl get pod pod-name -o=yaml):

container has runAsNonRoot and image has non-numeric user (default), cannot verify user is non-root

The message is intuitive, but after reading this Kubernetes blog it seems to me it should be very straightforward. What am I missing here?

-- Vishrant
kubernetes
kubernetes-helm

2 Answers

12/27/2018

You can add the securityContext as follows:

spec:
  runAsUser:
    rule: MustRunAsNonRoot
  containers:
    - name: <container-name>

This can be confirmed with the Kubernetes code.

-- Vishrant
Source: StackOverflow

12/27/2018

This error comes only when your uid == nil. Based on the error text, we need to set a numeric user value.

So, for the user with UID=1000 you can do it in your pod definition like:

securityContext:
  runAsUser: 1000

So your securityContext should be like:

securityContext:
  fsGroup: 2000
  runAsNonRoot: true
  runAsUser: 1000

Check it out in the official docs here

-- Prafull Ladha
Source: StackOverflow
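
The decision behind this error, modelled in Go as an added example (not the kubelet's source and not code from the posts above): it shows why an image whose USER is the name "default" is rejected under runAsNonRoot: true and why a numeric runAsUser resolves it. SecCtx and VerifyNonRoot are hypothetical names; the model assumes an image without USER counts as root and that an optional ":group" suffix is ignored, and only the non-numeric-user message is taken from the question.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// SecCtx holds the two securityContext fields the check reads (nil = unset).
type SecCtx struct {
	RunAsNonRoot *bool
	RunAsUser    *int64
}

// VerifyNonRoot returns nil if the container may start; imageUser is the image's USER.
func VerifyNonRoot(pod, ctr SecCtx, imageUser string) error {
	sc := pod // container-level settings override pod-level ones
	if ctr.RunAsNonRoot != nil {
		sc.RunAsNonRoot = ctr.RunAsNonRoot
	}
	if ctr.RunAsUser != nil {
		sc.RunAsUser = ctr.RunAsUser
	}
	if sc.RunAsNonRoot == nil || !*sc.RunAsNonRoot {
		return nil // no non-root requirement to enforce
	}
	if sc.RunAsUser != nil { // explicit UID: the image USER is not consulted
		if *sc.RunAsUser == 0 {
			return fmt.Errorf("runAsUser 0 breaks non-root policy")
		}
		return nil
	}
	name := strings.SplitN(imageUser, ":", 2)[0] // drop optional ":group"
	if name == "" {
		name = "0" // assumption: an image without USER runs as root
	}
	if uid, err := strconv.ParseInt(name, 10, 64); err != nil {
		// a user name cannot be resolved to a UID before the container starts
		return fmt.Errorf("image has non-numeric user (%s), cannot verify user is non-root", name)
	} else if uid == 0 {
		return fmt.Errorf("image will run as root")
	}
	return nil
}

func main() {
	yes, uid := true, int64(1000) // constructed inputs mirroring the question
	fmt.Println(VerifyNonRoot(SecCtx{RunAsNonRoot: &yes}, SecCtx{}, "default"))
	fmt.Println(VerifyNonRoot(SecCtx{RunAsNonRoot: &yes, RunAsUser: &uid}, SecCtx{}, "default"))
}
```

In this model the alternative fix is on the image side: a numeric, non-zero USER in the Dockerfile passes the check without any runAsUser in the pod spec.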