kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add troubleshooting tips for hostprocess containers 'failed to create user process token' error during container creation 

Signed-off-by: Mark Rossetti <marosset@microsoft.com>
This commit is contained in:
Mark Rossetti 2022-05-19 14:46:01 -07:00
parent 2a311eecb3
commit 17dc7c7e2f
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
content/en/docs/tasks/configure-pod-container/create-hostprocess-pod.md
View File

@ -214,3 +214,10 @@ container, aiming to limit the degree of privileges so as to avoid accidental (o
malicious) damage to the host. The LocalSystem service account has the highest level
of privilege of the three and should be used only if absolutely necessary. Where possible,
use the LocalService service account as it is the least privileged of the three options.
## Troubleshooting HostProcess containers
- HostProcess containers fail to start with `failed to create user process token: failed to logon user: Access is denied.: unknown`
Ensure containerd is running as `LocalSystem` or `LocalService` service accounts. User accounts (even Administrator accounts) do not have permissions to create logon tokens for any of the supported [user accounts](#choosing-a-user-account).