K
Q

k8s securityContext.runAsUser vs Dockerfile USER instruction

7/5/2019

What is the difference between selecting the user to run as in the securityContext.runAsUser section of my k8s deployment, vs specifying the user using USER myuser in the Dockerfile?

I'm particularly interested in if there are security concerns associated with USER myuser that don't exist under securityContext

-- Mike S
docker
kubernetes

Similar Questions

AKS External Load Balancer is not Communicating with PODS
How to troubleshoot a deployment that keeps crashing
Maven/Gradle container fails to build project on internal k8s cluster
kustomize configmap command: what does it do?
kubernetes LoadBalancer service target port set as random in GCP instead of as configured

1 Answer

7/5/2019

MustRunAsNonRoot

Users and groups

Requires that the pod be submitted with a non-zero runAsUser or have the USER directive defined (using a numeric UID) in the image. Pods which have specified neither runAsNonRoot nor runAsUser settings will be mutated to set runAsNonRoot=true, thus requiring a defined non-zero numeric USER directive in the container. No default provided. Setting allowPrivilegeEscalation=false is strongly recommended with this strategy.

So USER directive is important when you want the container to be started as non-root.

-- Prakash Krishna
Source: StackOverflow