Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

k8s securityContext.runAsUser vs Dockerfile USER instruction

What is the difference between selecting the user to run as in the securityContext.runAsUser section of my k8s deployment, vs specifying the user using USER myuser in the Dockerfile?

I'm particularly interested in if there are security concerns associated with USER myuser that don't exist under securityContext

like image 260
Mike S Avatar asked Jul 05 '19 19:07

Mike S


1 Answers

MustRunAsNonRoot

Users and groups

Requires that the pod be submitted with a non-zero runAsUser or have the USER directive defined (using a numeric UID) in the image. Pods which have specified neither runAsNonRoot nor runAsUser settings will be mutated to set runAsNonRoot=true, thus requiring a defined non-zero numeric USER directive in the container. No default provided. Setting allowPrivilegeEscalation=false is strongly recommended with this strategy.

So USER directive is important when you want the container to be started as non-root.

like image 157
Prakash Krishna Avatar answered Sep 18 '22 05:09

Prakash Krishna