sh: python3: Operation not permitted (kubernetes)

Question

For a bit of context, I am following this tutorial on how to setup pgadmin4 in kubernetes.

After attaching to my pod and running python, I am getting an error:

/pgadmin4 $ python3.8
sh: python3.8: Operation not permitted
/pgadmin4 $ ls -al /usr/bin/python3.8
-rwxr-xr-x    1 root     root         14008 May  6 00:05 /usr/bin/python3

Not sure what is the reason nor how can I debug it. It's clearly not a permission denied issue. I suspect it might have to do with lack of linux capabilities but I am actually a bit clueless as how to go from here.

Some additional information:

• the command I am running is as follows:

$ kubectl run -ti --rm --overrides='
{
    "apiVersion": "v1",
    "spec": {
    "containers":[{
        "name":"pgadmin",
        "image":"dpage/pgadmin4:latest",
        "command": ["sh"],
        "stdin": true,
        "tty": true,
        "resources": {
            "requests": {
                "cpu": 1,
                "memory": "1Gi"
            },
            "limits": {
                "cpu": "1",
                "memory": "1Gi"
            }
        },
        "envFrom": [{
            "secretRef": {
                "name": "proxy-secret"
            }
        }],
        "env": [{
            "name": "PGADMIN_DEFAULT_EMAIL",
            "value": "user@domain.com"
        }, {
            "name": "PGADMIN_DEFAULT_PASSWORD",
            "value": "test"
        }]
    }],
    "securityContext": {
        "runAsUser": 5050,
        "runAsGroup": 5050
    }
    }
}' --image="dpage/pgadmin4:latest" -- bash

Any hint is highly appreciated.

Answer 1

The culprit is this:

https://github.com/postgres/pgadmin4/blob/master/Dockerfile#L190

setcap CAP_NET_BIND_SERVICE=+eip /usr/bin/python3.8

Either allow NET_BIND_SERVICE for your pod, or build a custom container where you remove this capability from /usr/bin/python3.8.