Motivation
Tanzu Kubernetes Grid 1.22.9 requires that Docker images have numeric user IDs. Running a distroless nonroot image with "USER nonroot:nonroot" fails to start with the following error when the default pod security policy is enabled: "Error: container has runAsNonRoot and image has non-numeric user (nonroot), cannot verify user is non-root"
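The following is an added example, not part of this PR, that emulates the kubelet's runAsNonRoot verification against the USER value recorded in an image config (the string that `docker inspect --format '{{.Config.User}}'` prints), so the before and after values of this change can be checked before the image is deployed; the emulation is based on the kubelet behaviour and is not the kubelet's own code:

```shell
#!/bin/sh
# Emulate the kubelet's runAsNonRoot check on an image's USER value.
# Prints the verdict and returns 0 only when the image would be admitted.
image_user_ok() {
  user="$1"
  uid="${user%%:*}"            # keep only the user part; ":group" is ignored by the check
  case "$uid" in
    "")
      echo "reject: image has no USER, container would run as root"
      return 1 ;;
    *[!0-9]*)
      # This is the case behind the error quoted in the motivation above.
      echo "reject: image has non-numeric user ($uid), cannot verify user is non-root"
      return 1 ;;
    0)
      echo "reject: image runs as uid 0"
      return 1 ;;
    *)
      echo "ok: image runs as numeric non-root uid $uid"
      return 0 ;;
  esac
}

# Against a real image (requires docker; not run here):
#   image_user_ok "$(docker inspect --format '{{.Config.User}}' IMAGE:TAG)"
# Constructed values: the USER string before and after this PR, plus two edge cases.
for user in "nonroot:nonroot" "65532:65532" "" "0:0"; do
  printf '%-18s -> ' "\"$user\""
  image_user_ok "$user" || :
done
```

Setting runAsUser explicitly in the pod securityContext makes the kubelet check that value instead of the image user, which is the other common way around this error.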
Modifications
Replace "USER nonroot:nonroot" with "USER 65532:65532". A similar solution is commonly used for images built on the distroless nonroot base image, for example https://github.com/grafana/loki/blob/main/operator/Dockerfile#L26
Documentation
Check the box below.
Need to update docs?
[ ] doc-required (If you need help on updating docs, create a doc issue)
[x] no-need-doc (Please explain why)
[ ] doc (If this PR contains doc changes)