zitsen
Reputation: 365
What's the Kubernetes equivalent to docker --privileged?
I wanted to host a TDengine cluster in Kubernetes, then met an error when I enabled coredump in the container.
I've searched Stack Overflow and found the Docker solution, How to modify the `core_pattern` when building docker image, but not the Kubernetes one.
Upvotes: 1
Views: 427
Answers (2)
zitsen
Reputation: 365
Just some fix to the picked answer, the final worked yaml is:
apiVersion: apps/v1
kind: Deployment
metadata:
name: core
spec:
selector:
matchLabels:
app: core
template:
metadata:
labels:
app: core
spec:
containers:
- image: zitsen/enable-coredump:0.1.0
name: core
command: ["/bin/sleep", "3650d"]
securityContext:
allowPrivilegeEscalation: false
runAsUser: 0
Upvotes: 0
Noam Yizraeli
Reputation: 5394
Here's an example:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: my-app
spec:
template:
spec:
containers:
- image: my-image
name: my-app
...
securityContext:
allowPrivilegeEscalation: false
runAsUser: 0
Upvotes: 3
Related Questions
- Prevent Kubernetes users from being able to create privileged containers
- Privileged containers and capabilities
- run container as root user
- Kubernetes: Run container as non-root if there is no user specified
- Kubernetes yaml with privileged flag
- How can I add the `--privileged` flag of Docker to a Kubernetes pod spec container YAML definition
- Is there any way to run super-privileged containers using Kubernetes?
- Kubernetes: how to run application in the container with root privileges
- Kubernetes: Privileged container in Linux docker-multinode cluster
- Kubernetes pod having containers of different privileges