The notorious lab6.6 domain review | steps 5-9
much has been said and explained about this domain review by previous students. so, i'll not be covering any new ground. only giving my take on the situation.
Qs 5-7. simple enough, find, run, and view webguy crashloopbackoff state.
Q8. where the fun begins. as others have noted, there's no straightforward way to "log into the container and find the proper id of the nginx user" in its current state. a different post marked the 'kubectl debug' option as the most likely answer, but in my experience with this, that is not the solution with the webguy container in a crashloopbackoff. you could try:
kubectl debug -it securityreview --image=busybox --target=webguy
orkubectl debug -it securityreview --image=nicolaka/netshoot --target=webguy
but that will only result in the following "Warning: container debugger-8qvtc: failed to generate container..."
so 'kubectl debug' is NOT the solution for this particular container state.
so if really wanting to get into the original nginx image/container, the only solution is to insert a command block breaking the intended image entrypoint, something like the following:
command: ["bin/sh"] args: ["-c", "while true; do echo hello; sleep 30; done"]
then one can exec into webguy and run the 'id' command to see the nginx user and group ids. but what does that accomplish? not much with this image, because even with the ids, this image requires root privileges (user id = 0) to run. there's a stackoverflow hack suggested on this forum that can best be described as 'a guy having too much time on his hands' to come up with it. appreciate the effort and willingness to contribute, i suppose.
Q9. so, what is the easiest and most efficient way to "Edit the yaml and re-create the pod such that the pod runs without error."
image: nginxinc/nginx-unprivileged
and
runAsUser: 101
so in the end, i'll not be as critical as others have been about the ambiguity of the lab 6 domain review. because at a minimum, if one tries to get webguy/nginx running in a non-root environment, you will have to wrap your head around everything discussed above.
my 2 cents.
i'd be curious to know if anyone has a method to use 'kubectl debug' to generate a usable container of crashloopbackoff condition.
Categories
- All Categories
- 177 LFX Mentorship
- 177 LFX Mentorship: Linux Kernel
- 754 Linux Foundation IT Professional Programs
- 374 Cloud Engineer IT Professional Program
- 170 Advanced Cloud Engineer IT Professional Program
- 74 DevOps IT Professional Program - Discontinued
- 5 DevOps & GitOps IT Professional Program
- 100 Cloud Native Developer IT Professional Program
- 7.6K Training Courses & Learning Paths
- 2 AI & ML Training
- 1 Blockchain & Decentralized Identity Training
- 5 Cloud & Containers Training
- 1 Cybersecurity Training
- 2 DevOps & Site-Reliability Training
- 1 Linux Kernel Development Training
- 1 Networking Training
- 2 Open Source Best Practice Training
- 2 System Administration Training
- 1 System Engineering Training
- 1 Web & Application Development Training
- 794 Hardware
- 202 Drivers
- 68 I/O Devices
- 37 Monitors
- 95 Multimedia
- 173 Networking
- 91 Printers & Scanners
- 89 Storage
- 769 Linux Distributions
- 81 Debian
- 68 Fedora
- 22 Linux Mint
- 13 Mageia
- 24 openSUSE
- 150 Red Hat Enterprise
- 31 Slackware
- 13 SUSE Enterprise
- 356 Ubuntu
- 465 Linux System Administration
- 31 Cloud Computing
- 73 Command Line/Scripting
- Github systems admin projects
- 98 Linux Security
- 78 Network Management
- 101 System Management
- 46 Web Management
- 112 Mobile Computing
- 20 Android
- 77 Development
- 1.2K New to Linux
- 1K Getting Started with Linux
- 393 Off Topic
- 121 Introductions
- 182 Small Talk
- 29 Study Material
- 976 Programming and Development
- 310 Kernel Development
- 648 Software Development
- 990 Software
- 382 Applications
- 182 Command Line
- 5 Compiling/Installing
- 68 Games
- 317 Installation
- Archived
- 2 LFD140 Class Forum
- 1.4K LFS258 Class Forum
Upcoming Training
-
August 20, 2018
Kubernetes Administration (LFS458)
-
August 20, 2018
Linux System Administration (LFS301)
-
August 27, 2018
Open Source Virtualization (LFS462)
-
August 27, 2018
Linux Kernel Debugging and Security (LFD440)