I set up Kubernetes with master and node on the same hardware (Ubuntu 18) using this tutorial.
Kubernetes 1.15.3, Docker 19.03.2
The container I created runs emulation software that needs root privileges with write access to the /proc/sys/kernel directory. When Kubernetes starts the container, I get an error inside the service script /etc/init.d/myservicescript indicating that it can't write to /proc/sys/kernel/xxx. The container runs on Ubuntu 14.
I tried to set "runAsUser: 0" in the pod's YAML file.
I tried to set "USER 0" in the Dockerfile.
Neither works. Any suggestions on how to get this working?
Changing the user inside the container does not give you any privilege on the host. In order to get elevated privilege, you must set `privileged: true` in the security context.
For example:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: busybox
spec:
  containers:
  - name: busybox
    image: busybox
    args:
    - sleep
    - "999"
    securityContext:
      privileged: true
```
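Since `privileged: true` lifts the container's isolation from the host while `runAsUser: 0` only changes the user inside it, it helps to list which containers in a set of manifests actually request each. The following is an added example, not part of the original answer; the manifests are constructed samples in JSON form (the standard library has no YAML parser), and the names `root-only`, `emu` and `sysctl` are made up.

```python
import json

# Constructed sample manifests: the busybox pod above plus two invented workloads.
SAMPLE = json.loads("""
[
 {"kind": "Pod", "metadata": {"name": "busybox"},
  "spec": {"containers": [{"name": "busybox", "image": "busybox",
            "securityContext": {"privileged": true}}]}},
 {"kind": "Pod", "metadata": {"name": "root-only"},
  "spec": {"securityContext": {"runAsUser": 0},
           "containers": [{"name": "app", "image": "busybox"}]}},
 {"kind": "Deployment", "metadata": {"name": "emu"},
  "spec": {"template": {"spec": {
     "securityContext": {"runAsUser": 1000},
     "initContainers": [{"name": "sysctl", "image": "busybox",
        "securityContext": {"privileged": true, "runAsUser": 0}}],
     "containers": [{"name": "emu", "image": "emu"}]}}}}
]
""")

def pod_spec(obj):
    """Return the pod spec of a Pod, or of a workload that embeds a pod template."""
    spec = obj.get("spec") or {}
    if obj.get("kind") == "Pod":
        return spec
    if obj.get("kind") == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec") or {}

def audit(obj):
    """Return (object, container, privileged, run_as_user) for every container."""
    spec = pod_spec(obj)
    pod_user = (spec.get("securityContext") or {}).get("runAsUser")
    rows = []
    for key in ("initContainers", "containers"):
        for c in spec.get(key) or []:
            sc = c.get("securityContext") or {}
            # runAsUser falls back to the pod level; privileged is per container only.
            user = sc.get("runAsUser", pod_user)
            rows.append((obj["metadata"]["name"], c["name"],
                         bool(sc.get("privileged", False)), user))
    return rows

def privileged_containers(objs):
    """Return (object, container) pairs that request privileged mode."""
    return [(o, c) for obj in objs for (o, c, priv, _) in audit(obj) if priv]

if __name__ == "__main__":
    print(privileged_containers(SAMPLE))
```

The `root-only` pod runs as UID 0 yet is not reported as privileged, which is the distinction the answer draws.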