Container Running User
Running a Docker container as root can raise a lot of red flags in security scanning, so we have lately been working on making our Docker containers support running as a non-root user.
The summary:
- Create a default user when building the image in the Dockerfile, and use ‘USER username’ to indicate that the container runs as that user by default. Some scanning tools check for this.
- In Kubernetes deployment YML file, add the securityContext section like below:
    securityContext:
      runAsUser: 2000
      fsGroup: 2001
This overrides the ‘USER’ set in the Docker image.
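A check of the kind the scanning tools mentioned above perform, as an added example (not code from the original post or from any particular scanner): it reports the USER in effect at the end of the final build stage, including the multi-stage case where USER is set only in an earlier stage. The function names and the sample Dockerfile are constructed for illustration.

```python
ROOT_NAMES = {"root", "0"}

def logical_lines(text):
    """Yield instructions with comments dropped and backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""

def final_user(text):
    """USER in effect at the end of the last stage, or None if never set there."""
    stages, name, user = {}, None, None
    for line in logical_lines(text):
        parts = line.split()
        instr = parts[0].upper()
        if instr == "FROM":
            args = [p for p in parts[1:] if not p.startswith("--")]
            user = stages.get(args[0].lower())  # inherited only from an earlier stage
            name = args[2].lower() if len(args) >= 3 and args[1].upper() == "AS" else None
        elif instr == "USER" and len(parts) > 1:
            user = parts[1]
        if name:
            stages[name] = user
    return user

def classify(user):
    """Map a USER value (name, uid, or user:group) to a scanner-style verdict."""
    if user is None:
        return "missing"
    owner = user.split(":")[0]
    if "$" in owner:
        return "unresolved"  # build-arg or env expansion, not known statically
    return "root" if owner in ROOT_NAMES else "non-root"

# Constructed sample: USER appears in the build stage only, not in the final stage.
SAMPLE = """\
FROM golang:1.22 AS build
USER 2000
FROM debian:bookworm-slim
COPY --from=build /tmp/app /usr/local/bin/app
"""

print(classify(final_user(SAMPLE)))
```

A "missing" verdict means the final stage relies on whatever user its base image defines, which is the case the securityContext override above also covers at deploy time.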