K
Q

SYS_TIME capability now working in kubernetes

5/5/2020

When I created a pod with below security context having permission to change system time am getting error

apiVersion: v1
kind: Pod
metadata:
  name: ubuntu-sleeper
  namespace: default
spec:
  containers:
  - command:
    - sleep
    - "4800"
    image: ubuntu
    securityContext:
     runAsUser: 1010
     capabilities:
        add: ["SYS_TIME"]
    name: ubuntu

I am getting error that cant set date operation not permitted.

master $ kubectl create -f ubu.yml
pod/ubuntu-sleeper created
master $ kubectl exec -it ubuntu-sleeper -- date -s '19 APR 2012 11:14:00'
date: cannot set date: Operation not permitted
Thu Apr 19 11:14:00 UTC 2012
command terminated with exit code 1
master $
-- DevOpsGeek
kubernetes

Similar Questions

Jupyter command not recognized on Google Cloud running Kubernetes Engine
activeDeadlineSeconds is coming invalid
Using Digital Ocean Kubernetes Auto-Scaling for auto-downgrading node availability
What will be faster: using gridsearchcv or map-reduce

1 Answer

5/5/2020

To change system time, you will have to run the container as root:

apiVersion: v1
kind: Pod
metadata:
  name: ubuntu-sleeper
  namespace: default
spec:
  containers:
  - command:
    - sleep
    - "4800"
    image: ubuntu
    securityContext:
     capabilities:
        add: ["SYS_TIME"]
    name: ubuntu
-- Fritz Duchardt
Source: StackOverflow