https://prefect.io logo
Title
x

xyzz

01/19/2023, 1:12 PM
Trying to setup prefect orion agent on a local kubernetes cluster, but get the following error in the pod: "Error: container has runAsNonRoot and image will run as root". What does this mean exactly and how to fix it?
figured it out thanks to the helm chart, securityContext needs to be explicitly set but is missing from the spec generated by the CLI
is the helm chart to be preferred over the CLI for spec generation?
if so, is this documented anywhere?
c

Christopher Boyd

01/20/2023, 3:16 PM
Can you share the error and chart you are using? This is the first time I’ve seen this reported, and we have a large number of users who use these helm charts
From what I can see, this should be set in the chart:
podSecurityContext:
    # -- set agent pod's security context runAsUser
    runAsUser: 1001
    # -- set agent pod's security context runAsNonRoot
    runAsNonRoot: true
    # -- set agent pod's security context fsGroup
    fsGroup: 1001
Do you ahve any specific restrictions or security settings on your cluster itself?
x

xyzz

01/23/2023, 8:20 AM
the problem was that I didn't use the helm chart but the spec generated by the cli
maybe generating the spec using the cli should be marked as deprecated?
using the helm chart worked
🙌 1
1