
I do understand the downsides of doing this, but my image only works with the root user running the cmd inside it.

The server Kubernetes version is v1.19.14. In my deployment.yaml I have:

spec:
  containers:
    - name: myapp
      securityContext:
        allowPrivilegeEscalation: false
        runAsUser: 0
      command: ...
      image: ...

But when I describe the rs, I see the following:

  Type     Reason        Age                From                   Message
  ----     ------        ----               ----                   -------
  Warning  FailedCreate  0s (x13 over 21s)  replicaset-controller  Error creating: pods "myapp-7cdd994c56-" is forbidden: PodSecurityPolicy: unable to admit pod: [spec.containers[0].securityContext.runAsUser: Invalid value: 0: running with the root UID is forbidden]

What am I doing wrong?

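The message in the event above is the one Kubernetes reports when a PodSecurityPolicy's `runAsUser` rule is `MustRunAsNonRoot`. The following is an added example, not part of the original post and not Kubernetes source code: a simplified Python model of the three `runAsUser` rules, usable as a pre-deploy check on a pod spec. The function names, the constructed `POD_SPEC` and the placeholder image are hypothetical, and the rule in effect on the poster's cluster is an assumption, since the page does not show the policy.

```python
# Simplified model of the PodSecurityPolicy runAsUser rules (assumption:
# mirrors the documented rule semantics; this is not the admission plugin).

def effective(pod_sc, ctr_sc, key):
    """Container-level securityContext fields override pod-level ones."""
    return ctr_sc.get(key, pod_sc.get(key))

def check_run_as_user(rule, pod_spec, ranges=()):
    """Return one violation string per container the rule would reject."""
    violations = []
    pod_sc = pod_spec.get("securityContext", {})
    for i, ctr in enumerate(pod_spec.get("containers", [])):
        ctr_sc = ctr.get("securityContext", {})
        uid = effective(pod_sc, ctr_sc, "runAsUser")
        non_root = effective(pod_sc, ctr_sc, "runAsNonRoot")
        path = f"spec.containers[{i}].securityContext"
        if rule == "RunAsAny":
            continue  # no constraint on the UID
        if rule == "MustRunAsNonRoot":
            if uid is None and non_root is None:
                violations.append(f"{path}.runAsNonRoot: must be true")
            elif non_root is False:
                violations.append(f"{path}.runAsNonRoot: must be true")
            elif uid == 0:
                violations.append(
                    f"{path}.runAsUser: running with the root UID is forbidden")
        elif rule == "MustRunAs":
            # ranges is a list of inclusive (min, max) UID pairs
            if uid is None or not any(lo <= uid <= hi for lo, hi in ranges):
                violations.append(
                    f"{path}.runAsUser: {uid} is not in an allowed range")
        else:
            raise ValueError(f"unknown rule: {rule}")
    return violations

# Constructed pod spec mirroring the fragment in the question;
# the image name is a placeholder, not a value from the page.
POD_SPEC = {"containers": [{
    "name": "myapp",
    "image": "registry.example/myapp:placeholder",
    "securityContext": {"allowPrivilegeEscalation": False, "runAsUser": 0},
}]}

if __name__ == "__main__":
    for line in check_run_as_user("MustRunAsNonRoot", POD_SPEC):
        print(line)
```

Note that `allowPrivilegeEscalation: false` does not affect this rule: it is evaluated separately from the UID the container starts with.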