
kubernetes PodSecurityPolicy set to runAsNonRoot, container has runAsNonRoot and image has non-numeric user (appuser), cannot verify user is non-root


Here is the implementation of the verification:

    case uid == nil && len(username) > 0:
        return fmt.Errorf("container has runAsNonRoot and image has non-numeric user (%s), cannot verify user is non-root", username)

And here is the validation call with the comment:

    // Verify RunAsNonRoot. Non-root verification only supports numeric user.
    if err := verifyRunAsNonRoot(pod, container, uid, username); err != nil {
        return nil, cleanupAction, err
    }

As you can see, the only reason for that message in your case is uid == nil. Based on the comment in the source code, we need to set a numeric user value.

So, for the user with UID=999 you can do it in your pod definition like this:

    securityContext:
      runAsUser: 999
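To see why a numeric runAsUser clears the error, here is a simplified model of the check as an added example; it is not part of the original answer and not the Kubernetes source. The names secCtx, splitImageUser and checkNonRoot are hypothetical, and every branch other than the non-numeric case quoted above is an assumption about the surrounding logic.

```go
package main
import (
	"fmt"
	"strconv"
)

// secCtx is a hypothetical stand-in for the effective securityContext.
type secCtx struct {
	RunAsNonRoot bool
	RunAsUser    *int64 // nil when runAsUser is not set
}

// splitImageUser (assumed model): numeric USER -> uid, name -> username, none -> root.
func splitImageUser(user string) (*int64, string) {
	if user == "" {
		return new(int64), "" // no USER in the image is treated as uid 0
	}
	if n, err := strconv.ParseInt(user, 10, 64); err == nil {
		return &n, ""
	}
	return nil, user
}

// checkNonRoot is a simplified model; only the non-numeric case is quoted from the page.
func checkNonRoot(sc secCtx, imageUser string) error {
	if !sc.RunAsNonRoot {
		return nil
	}
	if sc.RunAsUser != nil { // explicit runAsUser takes precedence over the image USER
		if *sc.RunAsUser == 0 {
			return fmt.Errorf("container's runAsUser breaks non-root policy")
		}
		return nil
	}
	uid, username := splitImageUser(imageUser)
	switch {
	case uid != nil && *uid == 0:
		return fmt.Errorf("container has runAsNonRoot and image will run as root")
	case uid == nil && len(username) > 0:
		return fmt.Errorf("container has runAsNonRoot and image has non-numeric user (%s), cannot verify user is non-root", username)
	}
	return nil
}

func main() {
	uid := int64(999) // constructed inputs: image USER "appuser", runAsUser 999
	fmt.Println(checkNonRoot(secCtx{RunAsNonRoot: true}, "appuser"))
	fmt.Println(checkNonRoot(secCtx{RunAsNonRoot: true, RunAsUser: &uid}, "appuser"))
}
```

In this model the check also passes when the image itself declares a numeric USER, because the uid is then known without runAsUser.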