Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot verify user is non-root #83

Closed
vanyarock01 opened this issue Feb 17, 2021 · 2 comments
Closed

Cannot verify user is non-root #83

vanyarock01 opened this issue Feb 17, 2021 · 2 comments
Assignees
@vanyarock01

Comments

@vanyarock01
Copy link
Contributor

vanyarock01 commented Feb 17, 2021
edited
Loading

I'm trying to deploy an application with non-privileged (any non-root user) containers:

Error: container has runAsNonRoot and image has non-numeric user (tarantool), cannot verify user is non-root
@vanyarock01 vanyarock01 self-assigned this Feb 17, 2021
@vanyarock01
Copy link
Contributor Author

vanyarock01 commented Feb 17, 2021
edited
Loading

The reason is that the container is not privileged.

The image created with cartridge-cli has a default user named tarantool. At startup, k8s cannot verify that the user (tarantool) is non-root.

The problem has two solutions:

  1. Start a container with a default non-root user with ID 1000.
  2. Find ID of tarantool user and pass them. This is not easy, since the tarantool user ID is not set externally.

UPD: The problem is solved by using id when building a docker image, more details here.

@vanyarock01 vanyarock01 linked a pull request Feb 17, 2021 that will close this issue
helm charts: update security context for application containers #84
Closed
@vanyarock01 vanyarock01 mentioned this issue Feb 26, 2021
Closed
@vanyarock01
Copy link
Contributor Author

Fixed on cartridge-cli side.

This was referenced Sep 10, 2021
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vanyarock01 vanyarock01

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

helm charts: update security context for application containers tarantool/tarantool-operator
1 participant
@vanyarock01