 

Kubernetes security context runAsUser

I have multiple containers and want to run all the containers as a non-root user. I know adding securityContext will help me, but do I need to add securityContext in all the containers, or will adding it at the spec level help?

spec:
  template:
    metadata: Test image
    spec:
      securityContext:
        runAsUser: 1000
        fsGroup: 1000
      containers:
      - name: container-1
        securityContext:
          allowPrivilegeEscalation: false
      - name: container-2
        securityContext:
          allowPrivilegeEscalation: false

The question is: is runAsUser applicable to all the containers, i.e., will all the containers (container-1, container-2) run as user 1000, or do I need to specify securityContext in all the containers?

Vishrant asked Jan 02 '19 22:01



1 Answer

The question is: is runAsUser applicable to all the containers, i.e., will all the containers (container-1, container-2) run as user 1000, or do I need to specify securityContext in all the containers?

Yes. It's applicable to all the containers, so you only need to add it to the pod spec if you want to have it in all the containers of that particular pod. As per the docs:

The security settings that you specify for a Pod apply to all Containers in the Pod.

Rico answered Sep 20 '22 19:09

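The inheritance described in the answer above can be checked mechanically. The following is an added example, not part of the original question or answer and not Kubernetes code: it merges the pod-level and container-level securityContext the way Kubernetes resolves them (a container-level value takes precedence over the pod-level one) and reports which containers could still end up running as UID 0. The function names and the extra container-3 are hypothetical and exist only for illustration.

```python
# Added example, not from the original post. Field precedence follows the
# Kubernetes rule that a container-level securityContext value overrides
# the pod-level value for fields that exist at both levels.
BOTH_LEVELS = ("runAsUser", "runAsGroup", "runAsNonRoot")


def effective_contexts(pod_spec):
    """Map each container name to its merged security settings."""
    pod_sc = pod_spec.get("securityContext") or {}
    merged = {}
    for kind in ("initContainers", "containers"):
        for c in pod_spec.get(kind) or []:
            c_sc = c.get("securityContext") or {}
            ctx = {f: (c_sc[f] if f in c_sc else pod_sc.get(f)) for f in BOTH_LEVELS}
            # allowPrivilegeEscalation is container-only; it is never inherited.
            ctx["allowPrivilegeEscalation"] = c_sc.get("allowPrivilegeEscalation")
            merged[c["name"]] = ctx
    return merged


def may_run_as_root(ctx):
    """True when nothing in the merged settings rules out UID 0."""
    if ctx["runAsNonRoot"]:
        return False  # kubelet refuses to start a container that would be UID 0
    if ctx["runAsUser"] is None:
        return True   # UID comes from the image, which may default to root
    return ctx["runAsUser"] == 0


# Constructed input: the pod spec from the question, plus a hypothetical
# container-3 that overrides the pod-level UID.
POD_SPEC = {
    "securityContext": {"runAsUser": 1000, "fsGroup": 1000},
    "containers": [
        {"name": "container-1", "securityContext": {"allowPrivilegeEscalation": False}},
        {"name": "container-2", "securityContext": {"allowPrivilegeEscalation": False}},
        {"name": "container-3", "securityContext": {"runAsUser": 0}},
    ],
}

if __name__ == "__main__":
    for name, ctx in effective_contexts(POD_SPEC).items():
        print(name, ctx, "root possible" if may_run_as_root(ctx) else "non-root")
```

Setting runAsNonRoot: true at the pod level alongside runAsUser turns a container-level override to UID 0 into a start-up failure instead of a container that silently runs as root.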