如何在 kubernetes pod 的容器中设置用户名?
[英]How to set user name in container of kubernetes pod?
问题描述
I have a following pod yaml to run a pod with security context where runAsUser and runAsGroup are set.
我有一个以下 pod yaml 来运行具有安全上下文的 pod,其中设置了runAsUser和runAsGroup 。
apiVersion: v1
kind: Pod
metadata:
name: test
spec:
containers:
- name: test
image: ubuntu:18.04
command: ["sleep", "10d"]
securityContext:
runAsUser: 1002
runAsGroup: 2002
When I exec into the container, it says:当我执行到容器中时,它说:
$ k exec -it test -- bash
groups: cannot find name for group ID 2002
I have no name!@test:/$
whoami command is also not working: whoami 命令也不起作用:
I have no name!@test:/$ whoami
whoami: cannot find name for user ID 1002
Here I need to set username for given uid(uid is not fixed so can't create image with a specific username).在这里,我需要为给定的 uid 设置用户名(uid 不固定,因此无法使用特定用户名创建图像)。
Does kubernetes provide any option to set username? kubernetes 是否提供任何设置用户名的选项?
1 个解决方案
解决方案1
2 2022-05-16 11:18:22
No. The username (if any) is determined by looking up the numeric user ID in the container's /etc/passwd file (if any), and Kubernetes doesn't try to modify that file.不会。用户名(如果有)是通过在容器的/etc/passwd文件(如果有)中查找数字用户 ID 来确定的,Kubernetes 不会尝试修改该文件。
There aren't really any consequences to the user ID not existing in /etc/passwd , beyond getting this cosmetic error message in the unusual case of a debugging shell.除了在调试 shell 的异常情况下收到此装饰性错误消息之外,在/etc/passwd中不存在的用户 ID 并没有真正的任何后果。 Filesystem permissions are set and enforced only based on the numeric user and group IDs.文件系统权限仅根据数字用户和组 ID 设置和执行。 So, for example, if you mount a PersistentVolumeClaim with an additional fsGroup: setting, that's based only on a numeric group ID, and again, it's irrelevant whether or not that actually exists in the container's /etc/groups file.因此,例如,如果您使用附加的fsGroup:设置挂载 PersistentVolumeClaim,则该设置仅基于数字组 ID,并且与容器的/etc/groups文件中是否实际存在无关。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.