Allow Containers to run as root on OpenShift 4 : Hack
🤫 Don’t tell anyone that i shared this trick with you
Let me tell you that OpenShift is the most secure Kubernetes distribution on this planet. So OpenShift has the responsibility to secure your apps, which is why OpenShift does not allow containers to run as root.
“ First Principles : Never ever run your containers as root user”
Having said that, there are some instances when you want to run a pokemon container image that you found on some random container repository and want to run that to your OpenShift homelab/dev/test clusters.
Well to do so, you need to allow running container image as root and this is how you can do it.
- Login to OpenShift as system:admin
oc login -u system:admin -n default2. Create a new project where you will be running that in-secure container
oc new-project pokemon-prj3. Add the security policy anyuid to the service account responsible for creating your deployment, by default this user is default. The dash z indicates that we want to manipulate a service account
oc adm policy add-scc-to-user anyuid -z default4. You are all set, go and deploy or re-deploy your containers, it should work now, in pokemon-prj project
Summary
- Don’t ever run containers as root in production environments
- Don’t tell anyone that you learned this hack from this blog
