Reputation: 977
Kubernetes - How to check if the Pod in K8S is running as root (or) non-root?
Is there a flag/field in kubectl describe pods which tells if the container is running as root or non-root, I have few containers, I need to check if they are running as root
Upvotes: 0
Views: 2005
Answers (2)
Reputation: 21
You can check the user and group ID of the container running in a Pod by running the command kubectl exec -it <pod-name> -- ps aux. The first column of the output will show the user and group ID in the format <user>/<group>. If the user ID is 0, then the container is running as the root user. If the user ID is not 0, then the container is running as a non-root user.
You can also check the security context of a pod using the command kubectl describe pod <pod-name>. The output will include a section labeled "Security Context" which will indicate the user and group ID the pod is running as.
You can also use kubectl get pod <pod-name> -o jsonpath='{.spec.containers[*].securityContext.runAsUser}' to check the user ID of the pod.
Upvotes: 1
Reputation: 1117
You can run whoami command inside the pod to see the name of the users. You can also check if runAsUser field is specified in the securityContext of pod's manifest. Containers by default run as root users.
For securityContext, check out examples in this link
Upvotes: 1
Related Questions
- kubernetes PodSecurityPolicy set to runAsNonRoot, container has runAsNonRoot and image has non-numeric user (appuser), cannot verify user is non-root
- Find running container's user ID in Kubernetes for all pods in a cluster
- How to check other containers file systems within a k8s pod?
- How access to kubernetes with root user?
- run container as root user
- Kubernetes: Run container as non-root if there is no user specified
- How do I tell if my container is running inside a Kubernetes cluster?
- how to login as root to running pod as root in kubernetes
- How to check the containers running on a pod in kubernettes?
- How to validate that a Pod is running privileged