-
Notifications
You must be signed in to change notification settings - Fork 44
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pod specifying runAsUser: 0 not working #176
Comments
This issue is similar to #158. If we always pass "0" to API server, the default value in Kubernetes will be broken (that might introduce the issue #170) It seems the best solution would be to replace I'm thinking of a better solution. What do you recommend? |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
Accoding to kubernetes bug fix kubernetes/kubernetes#78308, pods that explicitly specifying
runAsUser: <uid>
orrunAsGroup: <gid>
should start the container always in every launch using given user or group. IfrunAsUser
orrunAsGroup
is not set, the container should run with USER specified when building the image.Now we get the sdk implementation that
runAsUser: 0
is ignored when the user forces to launch the container with root, overwriting default image USER. The same torunAsGroup: 0
.c/kubernetes/model/v1_security_context.c
Line 134 in 859fc3f
c/kubernetes/model/v1_security_context.c
Line 118 in 859fc3f
I have a local fix to remain the semantics meaning to introduce the invalid user and group as -1:
The text was updated successfully, but these errors were encountered: