Switch to numeric user id #5203

Merged
merged 1 commit into from Jan 29, 2019

verwilst commented Jan 23, 2019

Signed-off-by: Bart Verwilst <bart@verwilst.be>

What this PR does / why we need it:

Fixes #4818

Using the actual username as USER value makes a PodSecurityPolicy-enabled Kubernetes cluster refuse to start the pod:

  Type     Reason          Age                 From                                           Message
  ----     ------          ----                ----                                           -------
  Normal   Scheduled       10m                 default-scheduler                              Successfully assigned test/tiller-deploy-cb64d6bf5-gnp6f to k8spoc-worker001
  Warning  Failed          10m (x8 over 10m)   kubelet, k8spoc-worker001  Error: container has runAsNonRoot and image has non-numeric user (nobody), cannot verify user is non-root
  Normal   SandboxChanged  10m (x8 over 10m)   kubelet, k8spoc-worker001  Pod sandbox changed, it will be killed and re-created.
  Normal   Pulled          41s (x72 over 10m)  kubelet, k8spoc-worker001  Container image "gcr.io/kubernetes-helm/tiller:v2.12.3" already present on machine

Changing USER to its numeric counterpart fixes this behaviour.

Special notes for your reviewer:

If applicable:

  • this PR contains documentation
  • this PR contains unit tests
  • this PR has been tested for backwards compatibility
Switch to numeric user id
Signed-off-by: Bart Verwilst <bart@verwilst.be>
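
A lint for the condition in the kubelet error above, as an added example that is not code from this PR or from Helm: it reads a Dockerfile's final-stage USER and reports whether a runAsNonRoot check could verify it. The names `FinalUser` and `Classify`, the sample Dockerfile, and treating a missing USER as root are assumptions of this example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

type Verdict string // how a runAsNonRoot check can treat an image's USER

const (
	NonRoot      Verdict = "non-root"     // numeric UID other than 0
	Root         Verdict = "root"         // UID 0, or no USER set
	Unverifiable Verdict = "unverifiable" // a name; UID unknown without the image's passwd file
)

// FinalUser returns the last USER value of the final build stage. FROM starts a
// new stage; the base image's own user is not visible here and counts as unset.
func FinalUser(dockerfile string) string {
	user := ""
	for _, line := range strings.Split(dockerfile, "\n") {
		f := strings.Fields(line)
		switch {
		case len(f) >= 2 && strings.EqualFold(f[0], "FROM"):
			user = ""
		case len(f) >= 2 && strings.EqualFold(f[0], "USER"):
			user = f[1]
		}
	}
	return user
}

// Classify judges a USER value: "uid", "uid:gid", "name" or "name:group".
func Classify(user string) Verdict {
	uid, err := strconv.ParseUint(strings.SplitN(user, ":", 2)[0], 10, 32)
	switch {
	case user == "" || (err == nil && uid == 0):
		return Root
	case err != nil:
		return Unverifiable
	}
	return NonRoot
}

func main() {
	// Constructed sample Dockerfile, not the project's own.
	df := "FROM alpine:3.8\nUSER nobody\nENTRYPOINT [\"/tiller\"]"
	fmt.Println(FinalUser(df), "->", Classify(FinalUser(df)))
}
```

Run in CI against each image's Dockerfile, anything other than `non-root` flags an image that a runAsNonRoot policy would reject or could not verify.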

@helm-bot helm-bot added the size/XS label Jan 23, 2019

@bacongobbler bacongobbler merged commit 074dbcd into helm:master Jan 29, 2019

2 checks passed

ci/circleci: build Your tests passed on CircleCI!
continuous-integration/appveyor/pr AppVeyor build succeeded

@verwilst verwilst deleted the verwilst:numeric-user branch Jan 29, 2019

Eraac pushed a commit to Eraac/helm that referenced this pull request Mar 21, 2019

Switch to numeric user id (helm#5203)
Signed-off-by: Bart Verwilst <bart@verwilst.be>
Signed-off-by: Kevin Labesse <kevin@labesse.me>