kubernetes-up-and-running / kuard

Demo app for Kubernetes Up and Running book
Apache License 2.0
1.59k stars 543 forks

Fails to start if using runAsNonRoot:true #43

Open ericsmalling opened 3 years ago

ericsmalling commented 3 years ago

The use of USER nobody:nobody in the default image will cause a kubelet startup failure if a runAsNonRoot:true SecurityContext is applied or enforced via a PSP.

i.e., from describe:

Warning  Failed     7s (x3 over 22s)  kubelet            Error: container has runAsNonRoot and image has non-numeric user (nobody), cannot verify user is non-root (pod: "kuard-798585497b-4lpqf_default(6e554b4c-4f39-4fae-97c6-b147436639f4)", container: kuard)

Need to use numeric UID:GID in Dockerfile(s) to avoid this or else users will have to hard code them into runAsUser lines in their pod specs.
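A Dockerfile check for the condition reported above, as an added example that is not part of the original issue or the kuard repository. The function names, the sample Dockerfiles and the UID/GID 65534 are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample Dockerfiles, not kuard's own. 65534 is an assumed value:
// the conventional UID/GID of "nobody" on most Linux base images.
const named = "FROM alpine\nCOPY kuard /kuard\nUSER nobody:nobody\nENTRYPOINT [\"/kuard\"]\n"
const numeric = "FROM alpine\nCOPY kuard /kuard\nUSER 65534:65534\nENTRYPOINT [\"/kuard\"]\n"

// effectiveUser returns the last USER argument in the final build stage ("" if none).
func effectiveUser(dockerfile string) string {
	user := ""
	for _, line := range strings.Split(dockerfile, "\n") {
		f := strings.Fields(line)
		if len(f) >= 1 && strings.EqualFold(f[0], "FROM") {
			user = "" // new stage: user now comes from that stage's base image
		} else if len(f) >= 2 && strings.EqualFold(f[0], "USER") {
			user = f[1]
		}
	}
	return user
}

// checkRunAsNonRoot classifies a USER value the way the kubelet error in the
// issue implies: only a numeric, non-zero UID can be verified as non-root.
func checkRunAsNonRoot(user string) (bool, string) {
	if user == "" {
		return false, "no USER in final stage; user comes from the base image"
	}
	uidPart := strings.SplitN(user, ":", 2)[0] // USER accepts user[:group]
	uid, err := strconv.ParseUint(uidPart, 10, 32)
	if err != nil {
		return false, fmt.Sprintf("non-numeric user (%s), cannot verify user is non-root", uidPart)
	}
	if uid == 0 {
		return false, "UID 0 is root"
	}
	return true, fmt.Sprintf("numeric non-root UID %d", uid)
}

func main() {
	for _, df := range []string{named, numeric} {
		fmt.Println(checkRunAsNonRoot(effectiveUser(df)))
	}
}
```

Run against a repository's Dockerfiles in CI, a check like this flags images that would be rejected under runAsNonRoot before they reach a cluster.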