I normally used 1111 as user id and group id for my containers, but when I deployed my application on the OpenShift platform, I got an error while scheduling the pods.
unable to validate against any security context constraint: [fsGroup: Invalid value: []int64{1111}: 1111 is not an allowed group spec.containers[0].securityContext.securityContext.runAsUser: Invalid value: 1111: must be in the ranges: [1000750000, 1000759999]]
I know that this restriction has been imposed by some Security Context Constraint (SCC) on the cluster which is not being satisfied by my application Pods. I just wanted to understand if there are some standard rules/guidelines around choosing these user IDs and group IDs. Any help would be appreciated!
As per Red Hat recommendations, your image should be built in such a way that it can run with an arbitrary user id. So, if you follow that, then you don't need to specify a user id in the Dockerfile or in your deployment YAML manifest. OpenShift will automatically choose an arbitrary user id (from the range) and will run the pod with that. Check this link for more details.
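As an added example (not part of the original thread or of Red Hat's documentation), the shell sketch below checks the two things discussed above: whether a fixed ID falls inside the project's allowed block, and whether a directory tree follows the arbitrary-UID guidance of being owned by group 0 with group permissions matching the owner's. The function names are hypothetical, the block `1000750000/10000` is derived from the range in the error message, and `stat -c` assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.
# Assumes a Linux userland where `stat -c` is available (GNU or BusyBox).

# uid_in_block BLOCK ID: succeed if ID lies in BLOCK, written "<start>/<length>"
# as in the namespace annotation openshift.io/sa.scc.uid-range.
# Returns 0 = inside, 1 = outside, 2 = malformed input.
uid_in_block() {
    case "$1" in */*) ;; *) return 2 ;; esac
    _start=${1%%/*}; _len=${1##*/}
    case "$_start$_len$2" in *[!0-9]*) return 2 ;; esac
    [ -n "$_start" ] && [ -n "$_len" ] && [ -n "$2" ] || return 2
    [ "$2" -ge "$_start" ] && [ "$2" -lt $((_start + _len)) ]
}

# audit_arbitrary_uid DIR [GID]: print "group <path>" for every path under DIR
# not owned by group GID (default 0, the group the arbitrary UID belongs to)
# and "mode <path>" where the group lacks a permission the owner has, which is
# what `chgrp -R 0 DIR && chmod -R g=u DIR` in the image build would fix.
# No output means the tree is usable by whatever UID the platform assigns.
audit_arbitrary_uid() {
    find "$1" -exec stat -c '%a %g %n' {} + |
    while read -r _mode _gid _path; do
        # %a is octal text such as 640 or 2755; pick owner and group digits.
        _owner=$((_mode / 100 % 10)); _group=$((_mode / 10 % 10))
        [ "$_gid" -eq "${2:-0}" ] || echo "group $_path"
        [ $((_owner & ~_group & 7)) -eq 0 ] || echo "mode $_path"
    done
}

# The case from the question: range [1000750000, 1000759999] is the block
# 1000750000/10000, and the hard-coded 1111 is outside it.
if ! uid_in_block 1000750000/10000 1111; then
    echo "UID 1111 is outside the project's block: remove runAsUser/fsGroup"
fi
```

Run `audit_arbitrary_uid` against the directories the application writes to (inside the built image or an unpacked copy of it); each reported path needs the `chgrp`/`chmod` fix named in the comment.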