我知道这样做的缺点, 但是我有一张只能在以root用户身份运行cmd的镜像。
服务器kubernetes版本为:v1.19.14
。
在我的deployment.yaml
文件中,我有:
spec:
containers:
- name: myapp
securityContext:
allowPrivilegeEscalation: false
runAsUser: 0
command: ...
image:...
但是当我描述rs时,我看到以下内容:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedCreate 0s (x13 over 21s) replicaset-controller Error creating: pods "myapp-7cdd994c56-" is forbidden: PodSecurityPolicy: unable to admit pod: [spec.containers[0].securityContext.runAsUser: Invalid value: 0: running with the root UID is forbidden]
我做错了什么?
PodSecurityPolicy
?可以使用kubectl get PodSecurityPolicy
进行检查。 - moonkotte