ccu, Administrators
684
edits
Changes
Jump to navigation
Jump to search
m
OtherwiseThus, you should set your default namespace in the kubeconfig accordingly, and perhaps have to update pod configurations. For security reasons, containers are forced to run with your own user id and a user group id of "10000". These will also be the ids used to create files and directories, and decide the permissions you have on the file system. The pod security policy which is active for your namespace will automatically fill in this data. Note that the security policy for pods is very restrictive for now pretty restrictive, in to detect all problematic cases. In particular, you can not switch to root inside containers anymore. If this presents problems, please contact Please inform me if security policies disrupt your usual workflow so that we can work something out a solution.
→User namespace, pod security and quotas
=== User namespace, pod security and quotas ===
Each user works in their own namespace now, which is auto-generated when your login is created. The naming convention is "user-firstname-lastname", i.e. you replace all '.'s in your cluster username with '-'. Thus, you need to set Example: if your default namespace in the kubeconfig accordingly, and perhaps update pod configurationsusername is "test. For security reasonsaccount", containers are forced to run with your own namespace will be "user id and your user group. To make configuration easy, a pod preset which sets all required options (in addition to mounting basic filesystems) is available in your namespace, see examples below for details-test-account".
Finally, there is now a mechanism in place to set resource quotas for individual users. The preset is quite generous at the moment since we have plenty of resources, but if you believe your account is too limited, please contact me.
