Using kubectl v1.9 on client and server.
Ubuntu 16.04 server on GCP.

I was trying to follow the demo listed 
which assigns a security context to a pod when it is created.
Pod yaml file is:

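apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo
spec:
  securityContext:
    runAsUser: 1000
    fsGroup: 2000
  volumes:
  - name: sec-ctx-vol
    emptyDir: {}
  containers:
  - name: sec-ctx-demo
    image: <IMAGE>   # placeholder: the image name is not shown in the post
    volumeMounts:
    - name: sec-ctx-vol
      mountPath: /data/demo
    securityContext:
      allowPrivilegeEscalation: false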

problem: pod always crashes and gets restarted many times:

kubectl get pods
NAME                       READY     STATUS             RESTARTS   AGE
busybox-855686df5d-2667x   1/1       Running            1          1h
security-context-demo      0/1       CrashLoopBackOff   1          12s   << this is the problem.

*I tried removing each securityContext section. Crash remains when either 
securityContext section is present in the yaml file.*

*pod describe shows:*

  Type     Reason                 Age                From               Message
  ----     ------                 ----               ----               -------
  Normal   Scheduled              58s                default-scheduler  Successfully assigned security-context-demo to worker-0
  Normal   SuccessfulMountVolume  58s                kubelet, worker-0  MountVolume.SetUp succeeded for volume "sec-ctx-vol"
  Normal   SuccessfulMountVolume  58s                kubelet, worker-0  MountVolume.SetUp succeeded for volume "default-token-ptfl5"
  Normal   Pulled                 10s (x4 over 56s)  kubelet, worker-0  Container image "" already present on
  Normal   Created                10s (x4 over 56s)  kubelet, worker-0  Created
  Normal   Started                10s (x4 over 56s)  kubelet, worker-0  Started
  Warning  BackOff                9s (x6 over 54s)   kubelet, worker-0  Back-off restarting failed container

*Logs in pod say:*

return, stringToFlags(flags), mode);

Error: EACCES: permission denied, open '/server.js'
    at Error (native)
    at Object.fs.openSync (fs.js:549:18)
    at Object.fs.readFileSync (fs.js:397:15)
    at Object.Module._extensions..js (module.js:415:20)
    at Module.load (module.js:343:32)
    at Function.Module._load (module.js:300:12)
    at Function.Module.runMain (module.js:441:10)
    at startup (node.js:139:18)
    at node.js:968:3

*If I remove both securityContext sections, pod runs normally.*

*So does the runAsUser function work or not?*

*How to specify the securityContext and avoid the crash?*
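
Added example, not part of the original post: a small Python model of the POSIX read check that produces an EACCES like the one in the log above, applied to the securityContext values from the pod spec. The ownership and mode of /server.js (root:root, 0600) and of the volume directory are assumptions constructed for illustration; the post does not show them.

```python
import stat

# Constructed sample: ownership/mode of /server.js inside the image is an
# ASSUMPTION (root:root, 0600); the post only shows the EACCES it produces.
SERVER_JS = {"uid": 0, "gid": 0, "mode": 0o600}
# Constructed sample: an emptyDir volume after fsGroup 2000 has been applied.
DATA_DEMO = {"uid": 0, "gid": 2000, "mode": 0o2770}

# securityContext values from the pod spec in the post.
POD_SC = {"runAsUser": 1000, "fsGroup": 2000}


def process_identity(pod_sc, image_uid=0):
    """Return (uid, gid, supplementary groups) the container process runs with."""
    uid = pod_sc.get("runAsUser", image_uid)  # image default assumed to be root
    gid = 0                                   # primary group stays root (0) when only runAsUser is set
    groups = set(pod_sc.get("supplementalGroups", []))
    if "fsGroup" in pod_sc:
        groups.add(pod_sc["fsGroup"])         # fsGroup is added as a supplementary group
    return uid, gid, groups


def can_read(f, uid, gid, groups):
    """POSIX read check: exactly one of the owner/group/other bits is consulted."""
    if uid == 0:
        return True                           # root bypasses mode bits (CAP_DAC_OVERRIDE)
    if uid == f["uid"]:
        return bool(f["mode"] & stat.S_IRUSR)
    if f["gid"] == gid or f["gid"] in groups:
        return bool(f["mode"] & stat.S_IRGRP)
    return bool(f["mode"] & stat.S_IROTH)


def report(pod_sc):
    """Readability of the image file and of the volume for a given securityContext."""
    ident = process_identity(pod_sc)
    return {"/server.js": can_read(SERVER_JS, *ident),
            "/data/demo": can_read(DATA_DEMO, *ident)}


if __name__ == "__main__":
    print("with securityContext:   ", report(POD_SC))
    print("without securityContext:", report({}))
    SERVER_JS["mode"] = 0o644                 # e.g. a chmod applied when the image is built
    print("after chmod 0644:       ", report(POD_SC))
```

Under these assumptions, fsGroup only changes access to the mounted volume, while files baked into the image keep the ownership and mode they were built with, so the image has to make /server.js readable by the UID given in runAsUser.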
