Details
Description
Having this hard coded as 1000 is just far too dangerous. For a start a lot of images out there assume a UID of 1000 ("couchbase" default). Problem is, if you forget to add the pod security context to something and also run as a different user, things will break.
Attachments
Issue Links
- relates to
-
K8S-2512 [Backup] PermissionError: [Errno 13] Permission denied while trying to setup restore logging.
-
- Closed
-
Gerrit Reviews
For Gerrit Dashboard: K8S-2517 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
174265,1 | K8S-2517: runAsUser Test Randomization | 2.3.x | couchbase-operator | Status: NEW | 0 | +1 |
Simon Murray I've tried simply picking a random number where we apply the security context, but CB server pods immediately fail with:
whoami: cannot find name for user ID 6481
The docs suggest that if we are running as non-root, we must set runAsUser to 1000; does that not conflict with this change?