Error: container has runAsNonRoot and image will run as root #7148
Description
Report
Pods using the helm install method in the documentation fail to start with error "Error: container has runAsNonRoot and image will run as root".
published image for 2.17.2 does not report having a non-root User:
docker inspect ghcr.io/kedacore/keda-admission-webhooks:2.17.2
[
{
"Id": "sha256:c8227c6edb4d9926f7ed366bc8f383e9e461c6dd58d708e97539ad9393caffa8",
"RepoTags": [
"ghcr.io/kedacore/keda-admission-webhooks:2.17.2"
],
"RepoDigests": [
"ghcr.io/kedacore/keda-admission-webhooks@sha256:c8227c6edb4d9926f7ed366bc8f383e9e461c6dd58d708e97539ad9393caffa8"
],
"Parent": "",
"Comment": "",
"DockerVersion": "",
"Author": "",
"Architecture": "",
"Os": "",
"Size": 26029565,
"GraphDriver": {
"Data": null,
"Name": "overlayfs"
},
"RootFS": {},
"Metadata": {
"LastTagTime": "2025-10-01T19:33:40.213923504Z"
},
"Descriptor": {
"mediaType": "application/vnd.oci.image.index.v1+json",
"digest": "sha256:c8227c6edb4d9926f7ed366bc8f383e9e461c6dd58d708e97539ad9393caffa8",
"size": 1609
},
"Config": {
"Cmd": null,
"Entrypoint": null,
"Env": null,
"Labels": null,
"OnBuild": null,
"User": "",
"Volumes": null,
"WorkingDir": ""
}
}
]
Expected Behavior
Following deploy steps in documentation results in a usable KEDA installation with no errors.
Actual Behavior
0 of 3 pods are available due to above error.
Steps to Reproduce the Problem
helm install keda kedacore/keda --namespace keda --create-namespacekubectl get pods -n keda
Pods show 0/1 for all three deployments with CreateContainerConfigError
Logs kubeclt -n keda describe pod/....
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 47s default-scheduler Successfully assigned keda/keda-admission-webhooks-674cbfffd9-qz6wg to docker-desktop
Normal Pulled 46s kubelet Successfully pulled image "ghcr.io/kedacore/keda-admission-webhooks:2.17.2" in 271ms (864ms including waiting). Image size: 26029565 bytes.
Normal Pulled 45s kubelet Successfully pulled image "ghcr.io/kedacore/keda-admission-webhooks:2.17.2" in 290ms (290ms including waiting). Image size: 26029565 bytes.
Normal Pulled 32s kubelet Successfully pulled image "ghcr.io/kedacore/keda-admission-webhooks:2.17.2" in 332ms (332ms including waiting). Image size: 26029565 bytes.
Normal Pulled 18s kubelet Successfully pulled image "ghcr.io/kedacore/keda-admission-webhooks:2.17.2" in 308ms (702ms including waiting). Image size: 26029565 bytes.
Normal Pulling 7s (x5 over 46s) kubelet Pulling image "ghcr.io/kedacore/keda-admission-webhooks:2.17.2"
Warning Failed 6s (x5 over 46s) kubelet Error: container has runAsNonRoot and image will run as root (pod: "keda-admission-webhooks-674cbfffd9-qz6wg_keda(81e5a88c-b222-4b05-8c5b-2a7999a20d9a)", container: keda-admission-webhooks)
Normal Pulled 6s kubelet Successfully pulled image "ghcr.io/kedacore/keda-admission-webhooks:2.17.2" in 401ms (401ms including waiting). Image size: 26029565 bytes.
KEDA Version
2.17.2
Kubernetes Version
Other
Platform
Other
Scaler Details
No response
Anything else?
This issue is occurring in Docker for Desktop, Mac OS 26.0.1,
docker version
Client:
Version: 28.4.0
API version: 1.51
Go version: go1.24.7
Git commit: d8eb465
Built: Wed Sep 3 20:56:26 2025
OS/Arch: darwin/arm64
Context: desktop-linux
Server: Docker Desktop 4.47.0 (206054)
Engine:
Version: 28.4.0
API version: 1.51 (minimum version 1.24)
Go version: go1.24.7
Git commit: 249d679
Built: Wed Sep 3 20:58:53 2025
OS/Arch: linux/arm64
Experimental: false
containerd:
Version: 1.7.27
GitCommit: 05044ec0a9a75232cad458027ca83437aae3f4da
runc:
Version: 1.2.5
GitCommit: v1.2.5-0-g59923ef
docker-init:
Version: 0.19.0
GitCommit: de40ad0
kubectl version
Client Version: v1.34.1
Kustomize Version: v5.7.1
Server Version: v1.34.1