It seems the configuration works, indeed. But a question came up: after running cat on /etc/[group|passwd], we didn't find the ID 9999 in those files. Also, comparing the user namespaces, we see that the container and the host are in the same user namespace:
So based on these findings, we have the question below: why does no 9999 exist in /etc/[group|passwd], yet the UID can still work even without a user name? Are there other special mechanisms to handle users in Kubernetes?
Hope the team can support us, thanks so much!
Best regards,
hxia
> It seems the configuration works, indeed. But a question came up:
> after running cat on /etc/[group|passwd], we didn't find the ID 9999 in
> those files. Also, comparing the user namespaces, we see that the
> container and the host are in the same user namespace:
> So based on these findings, we have the question below:
> why does no 9999 exist in /etc/[group|passwd], yet the UID can still work
You don’t need to have it in /etc/passwd or friends. You can use any UID
number when running a process. It's really that simple.
> even without a user name? Are there other special mechanisms to
Kubernetes doesn’t support user namespaces. Everything runs in the same user
namespace as the host. There is a KEP to add support for userns, but
it's not ready yet.
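
A check for the two points in the reply above, added here as an example and not taken from the thread: it shows whether the current numeric UID/GID has a name in /etc/passwd or /etc/group, and whether the process's uid_map is the identity mapping. The function names are hypothetical helpers, and the file arguments exist only so the logic can be exercised on constructed files.

```shell
#!/bin/sh
# Added example: inspect the identity a container process really runs with.

# Print the name a numeric ID maps to in a passwd/group style file
# (field 3 holds the ID in both), or "(no entry)" when it is not listed.
name_for_id() {
    [ -r "$2" ] || { echo "(no entry)"; return 0; }
    awk -F: -v id="$1" '$3 == id { print $1; hit = 1; exit }
        END { if (!hit) print "(no entry)" }' "$2"
}

# Succeed when the map is the single identity line "0 0 4294967295",
# meaning UIDs inside the process's user namespace are not remapped.
uid_map_is_identity() {
    [ -r "$1" ] || return 1
    awk '{ n++; if ($1 != 0 || $2 != 0 || $3 != 4294967295) bad = 1 }
        END { exit !(n == 1 && !bad) }' "$1"
}

report() {
    uid=$(id -u)
    gid=$(id -g)
    # The kernel only tracks the numbers; a missing name is not an error.
    echo "uid=$uid name=$(name_for_id "$uid" /etc/passwd)"
    echo "gid=$gid name=$(name_for_id "$gid" /etc/group)"
    # Same value in the container and on the node means one shared user namespace.
    echo "userns=$(readlink /proc/self/ns/user 2>/dev/null || echo unavailable)"
    if uid_map_is_identity /proc/self/uid_map; then
        echo "uid_map: identity, uid $uid here is uid $uid outside the container"
    else
        echo "uid_map: remapped or unavailable"
    fi
}

report
```

Run it once inside the container and once on the node: a matching `userns` value together with an identity `uid_map` means files and processes owned by that UID are owned by the same numeric UID on the host.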