What is the correct solution to step 9 of lab 6.6 Domain review?

m.ramah

Hello,

In Lab 6.6 you work with a premade yaml file called security-review1.yaml.

This yaml is designed to produce a pod with a failing nginx container because the runAsUser is set to something else but root. Nginx needs root access to make certain directories during startup.

Step 8 says: After finding the errors, log into the container and find the proper id of the nginx user

I had to use kubectl debug for this because you cannot log into a container that continuously crashes using sh. Using debug and the command 'id nginx' i found out that nginx runs as user 101.

Then step 9 says: Edit the yaml and re-create the pod such that the pod runs without error.

If i change runAsUser to 101 in the yaml file it does not cause the container to work, because 101 still is not root. The only way i can make the container run again is to remove both runAsUser statements inside the yaml.

But i have a feeling this is not the solution the author of the course was looking for.

Can anyone tell me what the correct solution should be?

Thank you in advance.