What is the difference between selecting the user to run as in the securityContext.runAsUser section of my k8s deployment, vs specifying the user using USER myuser in the Dockerfile?
I'm particularly interested in whether there are security concerns associated with USER myuser that don't exist under securityContext.
Users and groups
Requires that the pod be submitted with a non-zero runAsUser or have the USER directive defined (using a numeric UID) in the image. Pods which have specified neither runAsNonRoot nor runAsUser settings will be mutated to set runAsNonRoot=true, thus requiring a defined non-zero numeric USER directive in the container. No default provided. Setting allowPrivilegeEscalation=false is strongly recommended with this strategy.
So the USER directive is important when you want the container to be started as non-root.
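The rule quoted above, modelled as an added example (not code from the answer or from Kubernetes): when the pod sets no runAsUser, only a numeric, non-zero USER in the image passes, so USER myuser is rejected. The function names and sample Dockerfiles are constructed, and the sketch assumes the base image sets no USER of its own.

```python
import re
from typing import Optional, Tuple

# Constructed sample Dockerfiles (not from the original page).
NAMED = "FROM alpine\nRUN adduser -D myuser\nUSER myuser\n"
NUMERIC = "FROM alpine\nRUN adduser -D -u 10001 myuser\nUSER 10001:10001\n"
MULTISTAGE = "FROM golang AS build\nUSER 1000\nFROM scratch\nCOPY --from=build /app /app\n"


def final_stage_user(dockerfile: str) -> str:
    """Return the last USER directive of the last build stage ("" if none).

    Assumption: the base image sets no USER itself, so "" means root.
    """
    user = ""
    for line in dockerfile.splitlines():
        m = re.match(r"\s*(FROM|USER)\s+(\S+)", line, re.IGNORECASE)
        if not m:
            continue
        # A new FROM starts a new stage; earlier USER lines no longer apply.
        user = "" if m.group(1).upper() == "FROM" else m.group(2)
    return user


def non_root_check(run_as_user: Optional[int], image_user: str) -> Tuple[bool, str]:
    """Apply the quoted rule to a pod's runAsUser and the image's USER value."""
    if run_as_user is not None:
        # An explicit runAsUser in the pod spec takes the place of the image USER.
        if run_as_user == 0:
            return False, "runAsUser is 0"
        return True, f"runAsUser {run_as_user} overrides the image USER"
    # Neither setting given: the pod is mutated to runAsNonRoot=true, so the
    # image USER must be verifiable as non-root without reading /etc/passwd.
    uid = image_user.split(":", 1)[0]  # USER may be written as user:group
    if not uid:
        return False, "image has no USER, so it runs as root"
    if not re.fullmatch(r"[0-9]+", uid):
        return False, f"USER {uid!r} is a name; its UID cannot be verified as non-root"
    if int(uid) == 0:
        return False, "image USER is UID 0"
    return True, f"image USER {uid} is a non-zero numeric UID"


if __name__ == "__main__":
    for name, df in (("named", NAMED), ("numeric", NUMERIC), ("multistage", MULTISTAGE)):
        print(name, non_root_check(None, final_stage_user(df)))
    print("named + runAsUser", non_root_check(1000, final_stage_user(NAMED)))
```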