Feature Request
What problem are you trying to solve?
Our Pod Security Policy explicitly denies containers running as root. Since the Dockerfiles for the various containers needed during linkerd install do not specify a user, it is assumed that they will run as root. When I try to install linkerd into our cluster, I get an error that says that containers cannot runAsRoot. The initContainer that needs root and NET_ADMIN will still be an issue for us until #1887 is resolved.
How should the problem be solved?
Adding a securityContext with a runAsUser value to the various containers is one way to solve this problem. If any of the required containers do actually need to run as root, then I'm not sure how to get around that. From what I can tell this change doesn't affect the installation.
Any alternatives you've considered?
I'm not super familiar with alternatives other than updating the Dockerfiles to run as a particular user.
How would users interact with this feature?
Users will not be affected by this change.
codeman9 changed the title from "Add SecurityContext to the various containers installed" to "Add SecurityContext to the various containers installed, except the initContainer" on Dec 10, 2018
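As an added illustration of the request above (not code from the issue or from the linkerd project), this sketch reports which containers in a pod spec either ask for root or leave the user to the image default, then applies a `runAsUser` to the regular containers only, leaving the initContainer untouched. The pod spec, the container names and the UID 2102 are constructed for the example.

```python
import copy

# Constructed pod spec; container names and the UID are hypothetical.
POD_SPEC = {
    "initContainers": [
        {"name": "mesh-init",
         "securityContext": {"runAsUser": 0,
                             "capabilities": {"add": ["NET_ADMIN"]}}},
    ],
    "containers": [
        {"name": "mesh-proxy", "securityContext": {"runAsUser": 2102}},
        {"name": "app"},  # no securityContext: runs as the image's default user
    ],
}

def verdict(pod_spec, container):
    """Classify one container; container-level settings override pod-level."""
    pod_sc = pod_spec.get("securityContext") or {}
    ctr_sc = container.get("securityContext") or {}
    uid = ctr_sc.get("runAsUser", pod_sc.get("runAsUser"))
    non_root = ctr_sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
    if uid == 0:
        return "root"
    if uid is not None:
        return "non-root"
    # No UID in the manifest: the image's USER decides at start-up.
    return "image-dependent" if non_root else "unspecified"

def audit(pod_spec):
    """Map container name -> (list it belongs to, verdict)."""
    return {c["name"]: (kind, verdict(pod_spec, c))
            for kind in ("initContainers", "containers")
            for c in pod_spec.get(kind, [])}

def root_or_unset(pod_spec):
    """Names that request root or leave the user to the image default."""
    return sorted(n for n, (_, v) in audit(pod_spec).items()
                  if v in ("root", "unspecified"))

def add_run_as_user(pod_spec, uid):
    """Copy of the spec with runAsUser set on regular containers lacking one."""
    patched = copy.deepcopy(pod_spec)
    for c in patched.get("containers", []):
        c.setdefault("securityContext", {}).setdefault("runAsUser", uid)
    return patched

if __name__ == "__main__":
    print(root_or_unset(POD_SPEC))
    print(root_or_unset(add_run_as_user(POD_SPEC, 2102)))
```

After the patch only the initContainer is still reported, which matches the scope in the revised title.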