Kubernetes
Iceforest, 2022-02-04 12:33:24

How to write a PSP in k8s for a service account?

minikube start --extra-config=apiserver.enable-admission-plugins=PodSecurityPolicy --addons=pod-security-policy


There is a service account nginx-sa; I created a role and a rolebinding:
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-sa
  namespace: default

---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nginx-sa-role
  namespace: default
rules:
  - apiGroups: ["extensions", "apps", ""]
    resources: ["deployments", "pods"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nginx-sa-role-binding
  namespace: default
subjects:
  - kind: ServiceAccount
    name: nginx-sa
    namespace: default
roleRef:
  kind: Role
  name: nginx-sa-role
  apiGroup: rbac.authorization.k8s.io


I want to run a container under this account:

kubectl run nginx --image=nginx -n default --as system:serviceaccount:default:nginx-sa


I get an error:
Error: container has runAsNonRoot and image will run as root (pod: "nginx-deployment-55649fd747-hdbql_default(2fe4a503-aa56-4ca4-9e4d-4c67cfedef40)", container: nginx)


The error is related to the PSP. Please tell me how to write a correct policy for the default namespace so that the service account is allowed to launch the pod without root rights.
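The message quoted above comes from the kubelet, not from PSP admission: the addon's restricted policy (rule MustRunAsNonRoot) mutates a pod that sets neither runAsUser nor runAsNonRoot to runAsNonRoot=true, and the stock nginx image has no non-root USER, so the container is refused at start. The manifests below are an added example, not part of the original post: they keep the non-root requirement in a policy that nginx-sa is explicitly allowed to use, and fix the workload to satisfy it. The policy and role names, the UID 101 and the nginxinc/nginx-unprivileged image are assumptions chosen here.

```yaml
# Added example, not from the original post. Assumes the minikube setup above and
# an existing nginx-sa in "default"; the policy/role names and UID 101 are chosen here.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata: {name: nginx-sa-nonroot}
spec:
  privileged: false
  allowPrivilegeEscalation: false
  runAsUser:
    rule: MustRunAsNonRoot   # keep the root ban; fix the workload instead
  seLinux: {rule: RunAsAny}
  supplementalGroups: {rule: RunAsAny}
  fsGroup: {rule: RunAsAny}
  volumes: ["configMap", "emptyDir", "secret", "projected"]
---
# Grant nginx-sa the "use" verb on this policy only, scoped to the namespace.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata: {name: psp-nginx-sa-nonroot, namespace: default}
rules:
  - apiGroups: ["policy"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["nginx-sa-nonroot"]
    verbs: ["use"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata: {name: psp-nginx-sa-nonroot, namespace: default}
subjects:
  - {kind: ServiceAccount, name: nginx-sa, namespace: default}
roleRef: {kind: Role, name: psp-nginx-sa-nonroot, apiGroup: rbac.authorization.k8s.io}
---
# The stock nginx image starts as root, which is exactly what the kubelet rejected.
# The unprivileged build runs as UID 101 and listens on 8080 instead of 80.
apiVersion: v1
kind: Pod
metadata: {name: nginx, namespace: default}
spec:
  serviceAccountName: nginx-sa
  securityContext:
    runAsNonRoot: true
    runAsUser: 101
  containers:
    - name: nginx
      image: nginxinc/nginx-unprivileged
```

Check the binding before creating the pod with `kubectl auth can-i use podsecuritypolicy/nginx-sa-nonroot --as=system:serviceaccount:default:nginx-sa -n default`, which should answer `yes`. PodSecurityPolicy is deprecated since Kubernetes 1.21 and removed in 1.25; the Pod Security Admission `restricted` profile enforces the same non-root requirement on newer clusters.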
