K
Q

Kubernetes security context runAsUser

1/2/2019

I have multiple containers and want to run all the containers as a non-root user, I know adding securityContext will help me, but do I need to add securityContext in all the containers or adding it in specs level will help?

spec:
  template:
    metadata: Test image

  spec:
    securityContext:
      runAsUser: 1000
      fsGroup: 1000
    containers:
    -name: container-1
     securityContext:
       allowPrivilegeEscalation: false
    -name: container-2
     securityContext:
       allowPrivilegeEscalation: false

The question is, runAsUser is applicable to all the container i.e., all the containers (container-1, container-2) will run as user 1000 or I need to specify securityContext in all the container?

-- Vishrant
kubernetes
kubernetes-helm

Similar Questions

java.lang.NoSuchMethodError: org.apache.kafka.clients.consumer.KafkaConsumer.assign
kubectl cp: data lost?
Does Helm have a limit to the size of its history?
Kubernetes error: Unable to connect to the server: dial tcp 127.0.0.1:8080
How do I actually get the output of kubectl kustomize into my cluster?
how to set image name/tag for container images specified in CRDs in kustomization.yaml
Kubernetes dployments

1 Answer

1/3/2019

The question is, runAsUser is applicable to all the container i.e., all the containers (container-1, container-2) will run as user 1000 or I need to specify securityContext in all the container?

Yes. It's applicable to all the containers, so you only need to add it to the pod spec if you want to have it in all the containers of that particular pod. As per the docs:

The security settings that you specify for a Pod apply to all Containers in the Pod.

-- Rico
Source: StackOverflow