Container Running User

less than 1 minute read

Running a Docker container as root could raise a lot of red flags in security scanning. So we have been trying to make our Docker containers support running as non-root user lately.

The summary:

Need to create a default user when we build the image in Dockerfile. use ‘USER username’ to indicate by default it’s running as that user. Some scanning tools will check this
In Kubernetes deployment YML file, add the securityContext section like below:

securityContext:
runAsUser: 2000
fsGroup: 2001

This will override the ‘USER’ in Docker image

Share on

Twitter Facebook LinkedIn

You may also enjoy

Ottawa

06:37 September 12, 2021

Went to Ottawa in our Labour Day week vacation. Haven’t been on a road trip for 2 years. Traffic was good. Food was delacious.

Home Office

08:45 May 19, 2021

AWS Console Auto Refresh

16:02 April 02, 2021

There is a refresh button in many resource pages of AWS web console. I have to click it manually to refresh. It doesn’t poll intermitentlly like GCP. I was p...

AppleScript to Toggle Sidecar

20:29 March 14, 2021

I’ve been using my iPad as my secondary screen when I use my MacBook in my sunroom. Connecting and disconnecting the sidecar screen is an annoying chore. I w...