
Kubernetes: Run container as non-root if there is no user specified

Tags:

kubernetes

How can I make every container run as non-root in Kubernetes?

Containers that do not specify a user, as in this example, and also do not specify a SecurityContext in the corresponding deployment, should still be able to be executed in the cluster - but without running as root. What options do you have here?

FROM debian:jessie
RUN apt-get update && apt-get install -y \
    git \
    python \
    vim
CMD ["echo", "hello world"]
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-world
  namespace: mynamespace
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hello-world
  template:
    metadata:
      labels:
        app: hello-world
    spec:
      containers:
        - image: hello-world
          name: hello-world
asked Dec 11 '25 04:12 by user5580578


1 Answer

You can add a Pod Security Policy to your cluster. There is an option (below) you can add to prevent any deployment from running without specifying a non-root user:

spec:
  runAsUser:
    rule: MustRunAsNonRoot

For more info about Pod Security Policy, please go to this link: https://kubernetes.io/docs/concepts/security/pod-security-policy/

answered Dec 14 '25 01:12 by mohalahmad
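An added example (not part of the answer above and not Kubernetes code): a simplified Python model of how the `MustRunAsNonRoot` rule is documented to treat each container, run against the question's Deployment. The function names and the `HARDENED` manifest are hypothetical; PodSecurityPolicy was removed in Kubernetes v1.25, so this models the rule instead of querying a cluster.

```python
# Added example: simplified model of the documented MustRunAsNonRoot behaviour.
# It inspects manifests as plain dicts; it does not talk to a cluster.

def effective_settings(pod_spec, container):
    """Merge securityContext: container-level fields override pod-level ones."""
    pod_sc = pod_spec.get("securityContext") or {}
    ctr_sc = container.get("securityContext") or {}
    return {k: ctr_sc.get(k, pod_sc.get(k)) for k in ("runAsUser", "runAsNonRoot")}

def classify(pod_spec, container):
    """Return (verdict, note) for one container under MustRunAsNonRoot."""
    sc = effective_settings(pod_spec, container)
    uid, non_root = sc["runAsUser"], sc["runAsNonRoot"]
    if uid is None and non_root is None:
        # Neither field set: admission injects runAsNonRoot=true.
        return ("mutated", "runAsNonRoot=true is injected; the image must declare "
                "a numeric non-zero USER or the kubelet will not start it")
    if non_root is False:
        return ("rejected", "runAsNonRoot must be true")
    if uid == 0:
        return ("rejected", "runAsUser 0 is the root UID")
    if uid is not None:
        return ("allowed", "explicit non-root UID %d" % uid)
    return ("allowed", "runAsNonRoot=true; image must declare a numeric non-zero USER")

def audit(deployment):
    """Classify every container in a Deployment's pod template."""
    pod_spec = deployment["spec"]["template"]["spec"]
    return {c["name"]: classify(pod_spec, c) for c in pod_spec["containers"]}

# Constructed sample input: the question's Deployment and a hypothetical variant.
QUESTION_DEPLOYMENT = {"spec": {"template": {"spec": {
    "containers": [{"name": "hello-world", "image": "hello-world"}]}}}}
HARDENED = {"spec": {"template": {"spec": {
    "securityContext": {"runAsUser": 1000, "runAsNonRoot": True},
    "containers": [
        {"name": "app", "image": "hello-world"},
        {"name": "sidecar", "image": "hello-world",
         "securityContext": {"runAsUser": 0}},  # overrides the pod-level UID
    ]}}}}

if __name__ == "__main__":
    for manifest in (QUESTION_DEPLOYMENT, HARDENED):
        for name, (verdict, note) in audit(manifest).items():
            print(f"{name}: {verdict} ({note})")
```

For the question's Deployment the verdict is "mutated": the pod is admitted with `runAsNonRoot: true`, so an image with no `USER` line, like the Dockerfile shown, is then refused by the kubelet instead of being started as a non-root user.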


