How to run liveness probe as non-root user?

12/9/2019

I noticed that my liveness probes ( for example from here) runs as a root user. I could use "su -c" to change the user "inside" the probe CLI, but may be there is a way to declare liveness to run the probe as non-root ?

-- Andy
kubernetes

1 Answer

12/9/2019

Check out kubernetes docs for Security Context: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

You can define a securityContext key under spec or spec.containers[].

Allowed values can be found in the API docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.16/#podsecuritycontext-v1-core

apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo-2
spec:
  securityContext:
    runAsUser: 1000
  containers:
  - name: sec-ctx-demo-2
    image: gcr.io/google-samples/node-hello:1.0
    securityContext:
      runAsUser: 2000
      allowPrivilegeEscalation: false
-- Connor Graham
Source: StackOverflow