In Kubernetes (K8S), various levels of security can be set that apply cluster-wide to Pods running containers. One of these is a policy that prevents containers within a Pod from being run as the root user (runAsNonRoot).
If this config is set, but the Pod definition for your K8S cluster does not override the user the container runs as, then when the neo4j container(s) are started you will see an error along the lines of:
Error: container has runAsNonRoot and image will run as root
To resolve this issue, make sure that your K8S cluster's Pod definition has something similar to the following:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo
spec:
  securityContext:
    runAsUser: 1000
  ....
```
runAsUser is the UID used to run the entrypoint of the container process, in this case Neo4j's. The value is a high number chosen to avoid conflicts with the host's user table.
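The check below is an added example, not code from Neo4j or Kubernetes. It is a simplified model of how runAsNonRoot and runAsUser combine, so a Pod definition can be checked before it is deployed. The helper names, the sample Pods and the `image_user` input (the image's default user, empty meaning root) are assumptions made for illustration.

```python
# Added example, simplified: not kubelet source. Sample Pods below are constructed.
ROOT_ERROR = "container has runAsNonRoot and image will run as root"  # error quoted above

def effective(pod_spec, container, key):
    """Container-level securityContext takes precedence over the Pod-level one."""
    for ctx in (container.get("securityContext"), pod_spec.get("securityContext")):
        if ctx and ctx.get(key) is not None:
            return ctx[key]
    return None

def check_container(pod_spec, container, image_user):
    """image_user (assumed input): the image's default USER; '' means root."""
    if not effective(pod_spec, container, "runAsNonRoot"):
        return True, "runAsNonRoot not enforced"
    uid = effective(pod_spec, container, "runAsUser")
    if uid is not None:  # an explicit UID overrides whatever the image declares
        return uid != 0, f"runAsUser is {uid}"
    user = str(image_user or "").split(":")[0]  # drop an optional ":group" suffix
    if user in ("", "0"):
        return False, ROOT_ERROR
    if not user.isdigit():
        return False, f"image user {user!r} is not numeric, cannot verify non-root"
    return True, f"image user is {user}"

def check_pod(pod, image_users):
    """Return {container name: (ok, reason)} for every container in the Pod."""
    spec = pod["spec"]
    return {c["name"]: check_container(spec, c, image_users.get(c["name"], ""))
            for c in spec["containers"]}

def make_pod(pod_ctx, container_ctx=None):
    """Build a constructed single-container Pod for the demonstration."""
    c = {"name": "neo4j", "image": "neo4j:3.5"}
    if container_ctx is not None:
        c["securityContext"] = container_ctx
    return {"apiVersion": "v1", "kind": "Pod",
            "spec": {"securityContext": pod_ctx, "containers": [c]}}

BROKEN = make_pod({"runAsNonRoot": True})                    # no user override
FIXED = make_pod({"runAsNonRoot": True, "runAsUser": 1000})  # the fix from this page
SHADOWED = make_pod({"runAsNonRoot": True, "runAsUser": 1000}, {"runAsUser": 0})

if __name__ == "__main__":
    for label, pod in (("broken", BROKEN), ("fixed", FIXED), ("shadowed", SHADOWED)):
        print(label, check_pod(pod, {"neo4j": ""}))
```

The third Pod shows a case the Pod-level fix alone does not cover: a container-level runAsUser of 0 takes precedence over the Pod-level value of 1000.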
- Last Modified: 2020-09-23 21:26:58 UTC by Kambiz Chehresa.
- Relevant for Neo4j Versions: 3.4, 3.5.
- Relevant keywords: kubernetes, docker, security.