OpenShift does not honor the USER directive in Dockerfile


I'm new to OpenShift/k8s. The Docker image I'm running in OpenShift is using USER blabla. But when I exec into the pod, it uses a different user rather than the one in the Dockerfile.

I'm wondering why, and how can I work around this?

Thanks

Answer by Jordan Liggitt (best answer)

For security, cluster administrators have the option to force containers to run with cluster assigned uids. By default, most containers run using a uid from a range assigned to the project.

This is controlled by the configured SecurityContextConstraints.

To allow containers to run as the user declared in their Dockerfile (even though this can expose the cluster, security-wise), allow the pod's service account access to the anyuid SecurityContextConstraint:

oadm policy add-scc-to-user anyuid system:serviceaccount:<your ns>:<your service account>
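
To confirm the behaviour described in the answer on your own pod, the following added example (not part of the original answer) checks whether the UID a container runs as falls inside the range assigned to its project. It assumes the range is read from the namespace annotation openshift.io/sa.scc.uid-range in "start/size" or "start-end" form; the function names and sample values are constructed for illustration.

```sh
#!/bin/sh
# Inputs on a live cluster (not run here):
#   oc get namespace <your ns> -o jsonpath='{.metadata.annotations.openshift\.io/sa\.scc\.uid-range}'
#   oc get pod <pod> -o jsonpath='{.metadata.annotations.openshift\.io/scc}'   # SCC that admitted the pod
#   oc exec <pod> -- id -u                                                     # UID actually in use

# Print "first last" for a uid-range value; exit status 1 if it is malformed.
uid_range_bounds() (
  range="$1"
  case "$range" in
    */*) start="${range%%/*}"; rest="${range#*/}"; kind=size ;;
    *-*) start="${range%%-*}"; rest="${range#*-}"; kind=end ;;
    *)   exit 1 ;;
  esac
  [ -n "$start" ] && [ -n "$rest" ] || exit 1
  case "$start$rest" in *[!0-9]*) exit 1 ;; esac
  if [ "$kind" = size ]; then
    [ "$rest" -gt 0 ] || exit 1
    echo "$start $((start + rest - 1))"
  else
    [ "$rest" -ge "$start" ] || exit 1
    echo "$start $rest"
  fi
)

# Classify the UID observed inside the container against the project range.
classify_uid() (
  bounds="$(uid_range_bounds "$1")" || { echo "bad-range"; exit 1; }
  case "$2" in ''|*[!0-9]*) echo "bad-uid"; exit 1 ;; esac
  first="${bounds% *}"; last="${bounds#* }"
  if [ "$2" -ge "$first" ] && [ "$2" -le "$last" ]; then
    # Cluster-assigned UID: the Dockerfile USER was overridden.
    echo "project-range"
  else
    # UID did not come from the project range, e.g. the image USER
    # was honoured because the service account can use anyuid.
    echo "outside-range"
  fi
)

# Constructed sample values, not taken from a real cluster.
classify_uid "1000620000/10000" 1000620000   # project-range
classify_uid "1000620000/10000" 1001         # outside-range
```

A "project-range" result together with a restricted SCC name in the pod annotation is the default behaviour the answer describes; "outside-range" on a pod you did not expect to hold anyuid is worth reviewing.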