kubernetescroncontainers
container "" in pod "" is waiting to start: CreateContainerConfigError
container "abc-job" in pod "abc-job-manual-h9k-vbbzw" is waiting to start: CreateContainerConfigError
Error: container has runAsNonRoot and image will run as root (pod: "abc-job-manual-h9k-xyz-ns-nonprod(e38ece94-b411-4d70-bc29-3711f36cfe45)", container: abc-cron-job)
Below image is from cluser in pod details
below is my yaml file for cronjob
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: abc-cron-job
spec:
schedule: "10 * * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: abc-cron-job
image: docker.repo1.jkl.com/xyz-services/abc/REPLACE_ME
imagePullPolicy: Always
env:
- name: spring-profile
valueFrom:
configMapKeyRef:
name: spring-profile
key: ENV
restartPolicy: OnFailure
Solution
in yaml file, securityContext was missing, i added that and now it is working fine. Below one is the updated yaml file
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: abc-cron-job
spec:
schedule: "10 * * * *"
jobTemplate:
spec:
template:
spec:
securityContext:
runAsGroup: 3000
runAsUser: 3000
containers:
- name: abc-cron-job
image: docker.repo1.xyz.com/abc-services/abc-application/REPLACE_ME
imagePullPolicy: Always
env:
- name: spring-profile
valueFrom:
configMapKeyRef:
name: spring-profile
key: ENV
securityContext:
privileged: false
restartPolicy: OnFailure
- Restart Pod when secrets gets updated
- kubectl unable to connect to server: x509: certificate signed by unknown authority
- kustomization Error: json: cannot unmarshal number into Go struct field Image.images.newTag of type string
- Scale deployment with python client in Kubernetes
- ValidationError(Ingress.spec.rules[0].http): missing required field "paths"
- Execute bash command in pod with kubectl?
- Why is my K8s network policy denying access when it should by matching the label
- What is the difference between always and on failure for Kubernetes restart policy?
- ArgoCd does not trigger on GitOps repo update?
- Should I do liveness probe and readiness probe every second?
- How to list kubernetes services in k9s?
- Connecting K8s and Nomad using a single Consul Server (DC1). Is this even possible or what is the next best way to do so?
- What does "eksctl create iamserviceaccount" do under the hood on an EKS cluster?
- Helm chart. I cannot send a command to the container via --set
- is it possible to shrink the spaces of io.containerd.snapshotter.v1.overlayfs folder in kubernetes
- Cannot connect to Kubernetes NodePort Service
- How add JAVA_OPTS variable to wildfly by kubernetes yaml file?
- Is there a way to enable shareProcessNamespace for helm post-install hook?
- Helm Template Indention Error Using Dict Split and Range
- How to use kubernetes secrets in nodejs application?
- When PersistentVolumes are deleted on kubernetes?
- How do reclaim policys for persistent storage work in Kubernetes?
- Printing not being logged by Kubernetes
- Can't create Secret in Kubernetes: illegal base64 data at input
- Kubernetes - create secret with a label using cli in a single line
- How do I find the join command for kubeadm on the master?
- How to check ephemeral storage that is allocated to EKS node
- How to enter a pod as root?
- Access Denied on vault secrets
- Is there a way to generate a helm install script from a ConfigMap?