I noticed that my liveness probes ( for example from here) runs as a root user. I could use "su -c" to change the user "inside" the probe CLI, but may be there is a way to declare liveness to run the probe as non-root ?
Check out kubernetes docs for Security Context: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
You can define a securityContext key under spec or spec.containers[].
Allowed values can be found in the API docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.16/#podsecuritycontext-v1-core
apiVersion: v1
kind: Pod
metadata:
name: security-context-demo-2
spec:
securityContext:
runAsUser: 1000
containers:
- name: sec-ctx-demo-2
image: gcr.io/google-samples/node-hello:1.0
securityContext:
runAsUser: 2000
allowPrivilegeEscalation: false