Trying to setup prefect orion agent on a local kubernetes cl Prefect Community #ask-community

Trying to setup prefect orion agent on a local kub...

xyzz

01/19/2023, 1:12 PM

Trying to setup prefect orion agent on a local kubernetes cluster, but get the following error in the pod: "Error: container has runAsNonRoot and image will run as root". What does this mean exactly and how to fix it?

xyzz

01/19/2023, 1:23 PM

figured it out thanks to the helm chart, securityContext needs to be explicitly set but is missing from the spec generated by the CLI

xyzz

01/19/2023, 1:24 PM

is the helm chart to be preferred over the CLI for spec generation?

xyzz

01/19/2023, 1:24 PM

if so, is this documented anywhere?

Christopher Boyd

01/20/2023, 3:16 PM

Can you share the error and chart you are using? This is the first time I’ve seen this reported, and we have a large number of users who use these helm charts

Christopher Boyd

01/20/2023, 3:42 PM

From what I can see, this should be set in the chart:

Copy code

podSecurityContext:
    # -- set agent pod's security context runAsUser
    runAsUser: 1001
    # -- set agent pod's security context runAsNonRoot
    runAsNonRoot: true
    # -- set agent pod's security context fsGroup
    fsGroup: 1001

Christopher Boyd

01/20/2023, 3:43 PM

Do you ahve any specific restrictions or security settings on your cluster itself?

xyzz

01/23/2023, 8:20 AM

the problem was that I didn't use the helm chart but the spec generated by the cli

xyzz

01/23/2023, 8:20 AM

maybe generating the spec using the cli should be marked as deprecated?

xyzz

01/23/2023, 8:20 AM

using the helm chart worked

🙌 1

✅ 1

Open in Slack

Previous Next