Bug
Resolution: Done
4.20
Quality / Stability / Reliability
Description of problem:
The documentation under Nodes -> Working with Pods -> Running pods in Linux user namespaces is incorrect. Specifically, the pod specification shown is incorrect: it contains .spec.template.spec but is of Kind: Pod. It should have just a single .spec, or preferably we should switch to a Deployment spec, which is more likely to be what is deployed in OpenShift.
In the doc (incorrect):
```yaml
apiVersion: v1
kind: Pod
metadata:
  namespace: userns
  name: userns-pod
# ...
spec:
#...
  template:
    metadata:
      labels:
        app: name
      annotations:
        openshift.io/required-scc: "restricted-v3"
    spec:
      hostUsers: false
      containers:
      - name: userns-container
        image: registry.access.redhat.com/ubi9
        command: ["sleep", "1000"]
        securityContext:
          capabilities:
            drop: ["ALL"]
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          procMount: Unmasked
          runAsUser: 1000
          runAsGroup: 1000
# ...
```
Should be:
```yaml
apiVersion: v1
# kind is Pod to match the flat .spec below; a Deployment would instead need
# apiVersion: apps/v1 with the pod fields under .spec.template.spec
kind: Pod
metadata:
  namespace: userns
  name: userns-pod
  labels:
    app: name
  annotations:
    openshift.io/required-scc: "restricted-v3"
spec:
  hostUsers: false
  containers:
  - name: userns-container
    image: registry.access.redhat.com/ubi9
    command: ["sleep", "1000"]
    securityContext:
      capabilities:
        drop: ["ALL"]
      allowPrivilegeEscalation: false
      runAsNonRoot: true
      procMount: Unmasked
      runAsUser: 1000
      runAsGroup: 1000
# ...
```
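A small lint for the mismatch this report describes, added here as an example and not taken from the report or the OpenShift documentation: it resolves where the pod spec belongs for a given kind and checks that `hostUsers: false` is actually set there. The function names and the constructed sample manifests (already-parsed dicts) are assumptions for illustration.

```python
# Added example: checks that hostUsers: false sits where the manifest's kind expects it.
# Only Pod and Deployment are covered (assumption for this sketch).
POD_SPEC_PATH = {
    "Pod": ("spec",),
    "Deployment": ("spec", "template", "spec"),
}

def dig(obj, path):
    """Follow a key path through nested dicts; None if any step is missing."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj

def lint_userns(manifest):
    """Return findings; an empty list means the user-namespace setting is in place."""
    kind = manifest.get("kind")
    path = POD_SPEC_PATH.get(kind)
    if path is None:
        return [f"unsupported kind {kind!r}"]
    where = "." + ".".join(path)
    findings = []
    pod_spec = dig(manifest, path)
    if not isinstance(pod_spec, dict) or "containers" not in pod_spec:
        findings.append(f"{kind}: no containers at {where}")
        pod_spec = {}
    # A Pod has no .spec.template; that nesting belongs to workload controllers.
    if kind == "Pod" and dig(manifest, ("spec", "template")) is not None:
        findings.append("Pod: .spec.template is not a Pod field; move its spec up to .spec")
    if pod_spec.get("hostUsers") is not False:
        findings.append(f"{kind}: hostUsers: false not set at {where}")
    return findings

# Constructed sample manifests mirroring the shapes discussed in this report.
POD_SPEC = {
    "hostUsers": False,
    "containers": [{"name": "userns-container",
                    "image": "registry.access.redhat.com/ubi9"}],
}
META = {"namespace": "userns", "name": "userns-pod"}
BROKEN_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": META,
              "spec": {"template": {"spec": POD_SPEC}}}
FIXED_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": META, "spec": POD_SPEC}
DEPLOYMENT = {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": META,
              "spec": {"selector": {"matchLabels": {"app": "name"}},
                       "template": {"metadata": {"labels": {"app": "name"}},
                                    "spec": POD_SPEC}}}

if __name__ == "__main__":
    for m in (BROKEN_POD, FIXED_POD, DEPLOYMENT):
        print(m["kind"], lint_userns(m) or "ok")
```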