Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"kubectl debug" throws "container has runAsNonRoot and image has non-numeric user" #163

Open
Voriaz opened this issue May 24, 2024 · 2 comments
Open

"kubectl debug" throws "container has runAsNonRoot and image has non-numeric user" #163

Voriaz opened this issue May 24, 2024 · 2 comments

Comments

@Voriaz
Copy link

Voriaz commented May 24, 2024

Hi,

I tried to use the kubectl debug command to attach an ephemeral netshoot container to a pod but I received this error message:

Warning: container debugger-5rswx: container has runAsNonRoot and image has non-numeric user (root), cannot verify user is non-root (pod: "cert-manager-webhook-5b965896dd-zwc75_cert-manager(d7ac073d-693c-4bc9-ba43-82643c554604)", container: debugger-5rswx)

The container I want to debug has securityContext: runAsNonRoot: true set and it seems that the netshoot image doesn't have a "numeric user".
From what I saw online, image must have USER <id>:<id> in it's definition.

Is it possible to add this to the netshoot image to be able to debug nonRoot pods ?

Thanks,

A.
@brightzheng100
Copy link

This sounds a limitation of K8s: kubernetes/kubernetes#113006

Maybe it would help if we have an image that requires non-root?

@kivra-ahmwar
Copy link

I also stumbled upon this. Would love an image that can debug nonRoot pods.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@brightzheng100 @Voriaz @kivra-ahmwar