Openshift (Origin) Enable Images to Run with ROOT user

Question

I am trying to run simple elk container with openshift(using minishift). The image I am trying to run is this elk image. During image deploy to openshift it gives the following warning:

Image sebp/elk runs as the root user which might not be permitted by your cluster administrator.

I Ignore this error and create deployment with this image. After that pod tries to start container but it fails with following error:

Starting periodic command scheduler cron

cron: can't open or create /var/run/crond.pid: Permission denied ...fail!

chown: changing ownership of '/var/lib/elasticsearch': Operation not permitted

I thought it i related with root user warning and then tried these steps Enable Images to Run with USER in the Dockerfile and Grant a Service Account Access to the Privileged SCC . Both of them failed with following errors:

Murats-MacBook-Pro-2:~ murat$ oc adm policy add-scc-to-group anyuid system:authenticated

Error from server (Forbidden):User "system" cannot get securitycontextconstraints.security.openshift.io at the cluster scope

Murats-MacBook-Pro-2:~ murat$ oc adm policy add-scc-to-user anyuid system:serviceaccount:elk:elk

Error from server (Forbidden): User "system" cannot get securitycontextconstraints.security.openshift.io at the cluster scope

Thanks a lot.

Answer 1

We have anyuid addon for this specific use case. Consider using it.

To use it, run following command

minishift addon apply anyuid

To know more about addon, check here Minishift Addons.

Answer 2

The commands to enable running an image as anyuid need to be run as an admin. For Minishift you can login as admin using:

oc login -u system:admin

Remember to login back as your normal user when done.