
Kubernetes securityContext


I can't seem to understand why the pod manifest below doesn't work if I remove spec.containers.command: the pod fails without the command.

I took this example from the official documentation.

apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo
spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000
  volumes:
  - name: sec-ctx-vol
    emptyDir: {}
  containers:
  - name: sec-ctx-demo
    image: busybox
    command: [ "sh", "-c", "sleep 1h" ]
    volumeMounts:
    - name: sec-ctx-vol
      mountPath: /data/demo
    securityContext:
      allowPrivilegeEscalation: false

Solution

  • Because the busybox image doesn't run any process at start by itself. Containers are designed to run a single application and shut down when the app exits. If the image doesn't run anything, it will immediately exit. In Kubernetes, spec.containers.command overwrites the default container command. You can try changing the manifest image to e.g. image: nginx, remove spec.containers.command, and it will run, because that image runs an Nginx server by default.
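A small manifest check in the spirit of the answer, added here as an example (it is not from the question, the answer, or Kubernetes itself): the dict is the page's manifest transcribed, and lint_pod / pod_without_command are hypothetical helpers that report containers running as root, missing allowPrivilegeEscalation: false, or relying on the image's default command.

```python
"""Hypothetical lint for a pod's securityContext and command fields (added example)."""
import copy

# The manifest from the question, transcribed as a Python dict so the example
# runs without a YAML library (constructed input, same values as the page).
POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "security-context-demo"},
    "spec": {
        "securityContext": {"runAsUser": 1000, "runAsGroup": 3000, "fsGroup": 2000},
        "volumes": [{"name": "sec-ctx-vol", "emptyDir": {}}],
        "containers": [
            {
                "name": "sec-ctx-demo",
                "image": "busybox",
                "command": ["sh", "-c", "sleep 1h"],
                "volumeMounts": [{"name": "sec-ctx-vol", "mountPath": "/data/demo"}],
                "securityContext": {"allowPrivilegeEscalation": False},
            }
        ],
    },
}


def lint_pod(pod):
    """Return a list of (container name, finding) tuples; empty means clean."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    findings = []
    for c in spec.get("containers", []):
        name = c.get("name", "<unnamed>")
        csc = c.get("securityContext", {})
        # A container-level securityContext field overrides the pod-level one.
        run_as_user = csc.get("runAsUser", pod_sc.get("runAsUser"))
        if run_as_user is None or run_as_user == 0:
            findings.append((name, "runs as root (no non-zero runAsUser)"))
        if csc.get("allowPrivilegeEscalation", True):
            findings.append((name, "allowPrivilegeEscalation not set to false"))
        # busybox's default command is `sh`, which exits at once without a tty,
        # so a container with neither command nor args will exit immediately.
        if not c.get("command") and not c.get("args"):
            findings.append((name, "no command/args; relies on image default"))
    return findings


def pod_without_command(pod):
    """Copy of the manifest with spec.containers[0].command removed (the failing case)."""
    broken = copy.deepcopy(pod)
    broken["spec"]["containers"][0].pop("command", None)
    return broken
```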