How to disable runAsNonRoot in Kubernetes

4/13/2020

This is in my deployment YAML file:

    readOnlyRootFilesystem: true
    runAsNonRoot: true
    runAsUser: 10001

What changes do I have to make to install Python?

    kubectl exec -it carts-66bc68f95f-8wjgx -c carts -n sock-shop -- sh
    /usr/src/app $ apk add python
    ERROR: Unable to lock database: Permission denied
    ERROR: Failed to open apk database: Permission denied
    /usr/src/app $ echo hello > sample.txt
    sh: can't create sample.txt: Read-only file system
    /usr/src/app $
-- Pradeep Padmanaban
kubernetes
python

1 Answer

4/13/2020

You basically can't from the Kubernetes shell. This works as designed for security reasons.

If you are running Docker, a way to bypass this is to log in/SSH to the machine where this Pod is running. (You might not be able to SSH to the node, depending on what security controls your organization has in place.)

Find the container in question:

    $ docker ps -a | grep carts-66bc68f95f-8wjgx

Then exec to the container as root:

    $ docker exec -it --user=root <container-name> bash
    # apk add python

Having said that, I recommend that you start from a container image that already has Python installed.

-- Rico
Source: StackOverflow
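
An added example, not part of the original question or answer: a Deployment fragment that follows the answer's recommendation by keeping the three `securityContext` settings from the question, shown at their place under the container, and running an image that already contains Python. The image name, the `name: carts` Deployment name and labels, and the `/tmp` scratch volume are assumptions for illustration.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: carts                # assumed from the pod name carts-66bc68f95f-8wjgx
  namespace: sock-shop
spec:
  replicas: 1
  selector:
    matchLabels:
      name: carts            # assumed label
  template:
    metadata:
      labels:
        name: carts
    spec:
      containers:
        - name: carts
          # Hypothetical image: built from the original carts image with
          # `apk add python` run as root at build time, then switched back
          # to the unprivileged user (USER 10001) in the Dockerfile.
          image: registry.example.com/carts-python:1.0
          securityContext:
            readOnlyRootFilesystem: true   # unchanged from the question
            runAsNonRoot: true             # unchanged from the question
            runAsUser: 10001               # unchanged from the question
          volumeMounts:
            - name: tmp
              # Writable scratch space for the non-root user; the rest of
              # the root filesystem stays read-only.
              mountPath: /tmp
      volumes:
        - name: tmp
          emptyDir: {}
```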