@ebuildy
Last active Aug 2, 2021
add user kubernetes when no root

This explains how to add a Linux user when running a pod as non-root.

This fix uses an initContainer to append a line to a copy of /etc/passwd, then mounts that copy as a file over /etc/passwd in the container to run.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata: {}
spec:
  template:
    metadata: {}
    spec:
      volumes:
        # Scratch volume that carries the patched passwd file to the main container
        - name: etc-hack
          emptyDir: {}
      initContainers:
        - name: fix-user
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          command:
            - '/bin/sh'
            - '-c'
            # Literal block scalar (|): a folded one (>) would join the script into one line
            - |
              myuid=$(id -u)
              mygid=$(id -g)
              uidentry=$(getent passwd "$myuid")
              # Work on a copy; the image's own /etc/passwd is not writable as non-root
              cp /etc/passwd /opt/my-etc/passwd
              # Append an entry only when the current UID has none
              if [ -z "$uidentry" ] ; then
                if [ -w /opt/my-etc/passwd ] ; then
                  echo "$myuid:x:$myuid:$mygid:zeppelin uid:${PWD}:/bin/false" >> /opt/my-etc/passwd
                else
                  echo "Container ENTRYPOINT failed to add passwd entry for zeppelin UID"
                fi
              fi
          resources:
            requests:
              cpu: 10m
              memory: 16Mi
            limits:
              cpu: 50m
              memory: 32Mi
          volumeMounts:
            - name: etc-hack
              mountPath: /opt/my-etc
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          volumeMounts:
            # Mount only the patched file over /etc/passwd, not the whole volume
            - name: etc-hack
              mountPath: /etc/passwd
              subPath: passwd
```
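
The init step above writes `${PWD}` into a passwd line unchecked. The following is an added example, not part of the original gist: a variant of that step that validates the fields, leaves an existing entry alone, and checks the copied file instead of calling getent. The function name `ensure_passwd_entry` and its arguments are assumptions.

```shell
#!/bin/sh
# Added example (not the gist's code): hardened variant of the fix-user step.
# In the initContainer it would be called as:
#   ensure_passwd_entry /etc/passwd /opt/my-etc/passwd "$(id -u)" "$(id -g)" zeppelin "$PWD"

# ensure_passwd_entry SRC DST UID GID NAME HOME
# Copies SRC to DST and appends one passwd line for UID if DST has none.
# Returns 0 when DST holds an entry for UID, 1 on bad input, 2 on I/O failure.
ensure_passwd_entry() {
    src=$1; dst=$2; uid=$3; gid=$4; name=$5; home=$6

    # UID and GID must be plain decimal numbers.
    case $uid in ''|*[!0-9]*) echo "bad uid: $uid" >&2; return 1 ;; esac
    case $gid in ''|*[!0-9]*) echo "bad gid: $gid" >&2; return 1 ;; esac

    # A ':' or newline in a text field would shift fields or add a second entry.
    nl='
'
    for field in "$name" "$home"; do
        case $field in
            ''|*:*|*"$nl"*) echo "bad passwd field" >&2; return 1 ;;
        esac
    done

    cp "$src" "$dst" || return 2
    chmod 0644 "$dst" || return 2

    # Nothing to do when field 3 (UID) already matches a line of the copy.
    if awk -F: -v u="$uid" '$3 == u { found = 1 } END { exit !found }' "$dst"; then
        return 0
    fi

    # Make sure the appended entry starts on its own line.
    if [ -n "$(tail -c 1 "$dst")" ]; then
        echo >> "$dst" || return 2
    fi
    printf '%s:x:%s:%s:%s uid:%s:/bin/false\n' \
        "$name" "$uid" "$gid" "$name" "$home" >> "$dst" || return 2
}
```
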