Channels
announcements
ask-marvin
best-practices-coordination-plane
data-ecosystem
data-tricks-and-tips
events
find-a-prefect-job
geo-bay-area
geo-berlin
geo-boston
geo-chicago
geo-colorado
geo-dc
geo-israel
geo-japan
geo-london
geo-nyc
geo-seattle
geo-texas
gratitude
introductions
marvin-in-the-wild
pacc-clearcover-june-12-2023
pacc-may-31-2023
ppcc-may-16-2023
prefect-ai
prefect-aws
prefect-azure
prefect-cloud
prefect-community
prefect-contributors
prefect-dbt
prefect-docker
prefect-gcp
prefect-getting-started
prefect-integrations
prefect-kubernetes
prefect-recipes
prefect-server
prefect-ui
random
show-us-what-you-got
Title
x
xyzz
01/19/2023, 1:12 PMTrying to setup prefect orion agent on a local kubernetes cluster, but get the following error in the pod: "Error: container has runAsNonRoot and image will run as root". What does this mean exactly and how to fix it?
figured it out thanks to the helm chart, securityContext needs to be explicitly set but is missing from the spec generated by the CLI
is the helm chart to be preferred over the CLI for spec generation?
if so, is this documented anywhere?
c
Christopher Boyd
01/20/2023, 3:16 PMCan you share the error and chart you are using? This is the first time I’ve seen this reported, and we have a large number of users who use these helm charts
From what I can see, this should be set in the chart:
podSecurityContext:
# -- set agent pod's security context runAsUser
runAsUser: 1001
# -- set agent pod's security context runAsNonRoot
runAsNonRoot: true
# -- set agent pod's security context fsGroup
fsGroup: 1001Do you ahve any specific restrictions or security settings on your cluster itself?
x
xyzz
01/23/2023, 8:20 AMthe problem was that I didn't use the helm chart but the spec generated by the cli
maybe generating the spec using the cli should be marked as deprecated?
using the helm chart worked
🙌 1
✅ 1