I think I found a bug in a kubernetes lab

Hi Kodekloud Team:

In the CKA course, in the section security, in the lab practice set security context (second exercise) I think there is an issue with the answer provided as solution.

The only modification needed is to add in spec :

SecurityContext:
  runAsUser: 1010

But that doesn’t works in the lab, the only way to mark this as correct is by doing the same but in the container, something like this:

spec:
  containers:
   - name: MyContainer
     securityContext:
       runAsUser: 1010

I don’t know if that’s okey or not, I think it does. But the kodekloud solution provides using the variables outside of the container specifications.

Since “runAsUser” is legal in both types of securtiyContexts, either the grader should allow either style, or the instructions should indeed tell you which to use. I’d agree that’s a lab bug. This has been reported before, though, and the conclusion was to leave this as it was. I personally disagree with this – so did the engineer that reported this – but it’s not an unreasonable position.

1 Like

Thanks @rob_kodekloud for the reply. There a similar issue in the exercise 5 and 6 of the lab: Is the same issue right ? You need to define the securityContext inside the container.

For learning propose: The only difference is that if you define the securityContext outside of the container it will apply to any container, but if you apply inside the container it will override any general config for that particular container ?

One tricksy thing to watch for: when you define the securityContext at the pod level, make sure that lower in the file that there isn’t a line like securityContext: {}. Because there often is; it will override a block that’s higher up in the file. This might also be why they decided to encourage people to put it under the container unless there’s a solid reason to do it at the pod level – because the pod level configuration can silently fail if you don’t remove that reference lower in the file.

1 Like

Thank you so much @rob_kodekloud for your information. Always appreciated.

Have a nice week!