Reputation: 3118
Does Kubernetes runAsUser security context setting, override the user setting in the container image?
After reading about kubernetes pod security context in the k8s documentation (https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) - I have a question that I could not find an answer to.
The security context allows adding runAsUser setting with a user ID. Can this be used to run a container image that has NOT been modified to run as a non-root user. Meaning if the runAsUser is set to say 1000 and the container image that runs in this pod, does not use a USER directive / or basically is built to run as root, will the runAsUser setting override the container image? Will the container run with user 1000 or will it continue to run as root?
Working on to setup Kubernetes and try this scenario in a cluster but would like to understand the concept and what the expected behavior is.
Upvotes: 4
Views: 3486
Answers (1)
Reputation: 6271
Yes this will run the container with the provided user id (ignoring the user in the container image).
Upvotes: 2
Related Questions
- kubernetes PodSecurityPolicy set to runAsNonRoot, container has runAsNonRoot and image has non-numeric user (appuser), cannot verify user is non-root
- Does Kuberenetes use the USER instruction from the Dockerfile?
- Where did Kubernetes Security context runAsUser 1000 come from?
- k8s securityContext.runAsUser vs Dockerfile USER instruction
- How to escalate kubernetes container privileges for pod securityContext runAsUser: 1010
- kubernetes: using value of runAsUser in an environment variable using valueFrom?
- K8S: Pass the runAsUser permission to files created inside container
- Kubernetes, security context, fsGroup field and default user's group ID running the container
- Kubernetes Pod Security Policy Default Privileged Value
- Kubernetes security context runAsUser