I have multiple containers and want to run all the containers as a non-root user, I know adding securityContext will help me, but do I need to add securityContext in all the containers or adding it in specs level will help?
spec:
template:
metadata: Test image
spec:
securityContext:
runAsUser: 1000
fsGroup: 1000
containers:
-name: container-1
securityContext:
allowPrivilegeEscalation: false
-name: container-2
securityContext:
allowPrivilegeEscalation: false
The question is, runAsUser
is applicable to all the container i.e., all the containers (container-1, container-2) will run as user 1000 or I need to specify securityContext in all the container?
The question is, runAsUser is applicable to all the container i.e., all the containers (container-1, container-2) will run as user 1000 or I need to specify securityContext in all the container?
Yes. It's applicable to all the containers, so you only need to add it to the pod spec if you want to have it in all the containers of that particular pod. As per the docs:
The security settings that you specify for a Pod apply to all Containers in the Pod.