Kubernetes security context runAsUser

1/2/2019

I have multiple containers and want to run all of them as a non-root user. I know adding securityContext will help me, but do I need to add securityContext to all the containers, or will adding it at the spec level help?

spec:
  template:
    metadata:
      name: test-image
    spec:
      # Pod-level settings
      securityContext:
        runAsUser: 1000
        fsGroup: 1000
      containers:
      - name: container-1
        # Container-level settings
        securityContext:
          allowPrivilegeEscalation: false
      - name: container-2
        securityContext:
          allowPrivilegeEscalation: false

The question is: is runAsUser applicable to all the containers, i.e., will all the containers (container-1, container-2) run as user 1000, or do I need to specify securityContext in all the containers?

-- Vishrant
kubernetes
kubernetes-helm

1 Answer

1/3/2019

The question is: is runAsUser applicable to all the containers, i.e., will all the containers (container-1, container-2) run as user 1000, or do I need to specify securityContext in all the containers?

Yes. It's applicable to all the containers, so you only need to add it to the pod spec if you want to have it in all the containers of that particular pod. As per the docs:

The security settings that you specify for a Pod apply to all Containers in the Pod.

-- Rico
Source: StackOverflow
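Added example, not part of the original question or answer: a small Python check that resolves the effective securityContext of each container the way the answer describes, with pod-level values inherited by every container. It goes one step further than the thread and also applies the Kubernetes rule that a container-level value overrides the pod-level one where the same field exists at both levels. The function names and the `container-3` entry are assumptions made for illustration; the manifest is constructed and embedded as a dict so the block runs offline.

```python
# Fields that exist at both pod and container level; the container value wins.
OVERLAPPING = ("runAsUser", "runAsGroup", "runAsNonRoot")


def effective_context(pod_spec):
    """Return {container name: merged securityContext} for a pod spec dict."""
    pod_ctx = pod_spec.get("securityContext") or {}
    merged = {}
    # Pod-level settings apply to init containers as well as regular ones.
    for c in pod_spec.get("initContainers", []) + pod_spec.get("containers", []):
        ctx = dict(c.get("securityContext") or {})
        for field in OVERLAPPING:
            if field not in ctx and field in pod_ctx:
                ctx[field] = pod_ctx[field]  # inherited from the pod level
        merged[c["name"]] = ctx
    return merged


def may_run_as_root(ctx):
    """True if the merged context sets UID 0 or leaves the UID to the image."""
    uid = ctx.get("runAsUser")
    if uid is not None:
        return uid == 0
    # No UID anywhere: the image's USER decides unless runAsNonRoot is set,
    # in which case the kubelet refuses to start a UID 0 process.
    return not ctx.get("runAsNonRoot", False)


def root_capable(pod_spec):
    """Names of containers that are not pinned to a non-root user."""
    ctxs = effective_context(pod_spec)
    return sorted(name for name, ctx in ctxs.items() if may_run_as_root(ctx))


# Constructed sample: the pod spec from the question, plus a hypothetical
# container-3 that overrides the pod-level runAsUser.
SAMPLE_POD_SPEC = {
    "securityContext": {"runAsUser": 1000, "fsGroup": 1000},
    "containers": [
        {"name": "container-1", "securityContext": {"allowPrivilegeEscalation": False}},
        {"name": "container-2", "securityContext": {"allowPrivilegeEscalation": False}},
        {"name": "container-3", "securityContext": {"runAsUser": 0}},
    ],
}

if __name__ == "__main__":
    for name, ctx in effective_context(SAMPLE_POD_SPEC).items():
        print(name, ctx)
    print("not pinned to non-root:", root_capable(SAMPLE_POD_SPEC))
```

fsGroup is not merged into the per-container result because it exists only at the pod level, and allowPrivilegeEscalation exists only at the container level, so it still has to be set on each container as in the question's manifest.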