Running a Docker container as root raises a lot of red flags in security scanning, so we have lately been working on making our Docker containers support running as a non-root user.

The summary:

  1. Create a default user when building the image in the Dockerfile, and use ‘USER username’ so that the container runs as that user by default. Some scanning tools check for this.
  2. In the Kubernetes deployment YAML file, add a securityContext section like the one below:

  securityContext:
    runAsUser: 2000
    fsGroup: 2001

This overrides the ‘USER’ set in the Docker image.
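As an added example that is not part of the original post, the following Python script implements both of the checks above in the way a scanning tool would: it works out which user a Dockerfile leaves the image running as (step 1), and which uid a Kubernetes pod's securityContext makes each container run as, applying the override order that step 2 relies on (container securityContext, then pod securityContext, then the image's USER). The sample Dockerfile and pod spec are constructed inputs; the user name ‘app’, the image names and the paths are assumptions, while the uid/gid values 2000 and 2001 are the ones used in the post. The pod spec is written as a Python dict (what a YAML parser would load) so the script runs without PyYAML.

```python
"""Check a Dockerfile and a Kubernetes pod spec for non-root settings.

Added example, not code from the original post. The sample Dockerfile and
pod spec are constructed; user name 'app', image names and paths are
assumptions, uid/gid 2000/2001 are the values from the post.
"""
import re

# Constructed sample Dockerfile: create a dedicated user/group, then switch to it.
SAMPLE_DOCKERFILE = """\
FROM python:3.12-slim
RUN groupadd --gid 2001 app \\
    && useradd --uid 2000 --gid 2001 --no-create-home --shell /usr/sbin/nologin app
WORKDIR /app
COPY --chown=app:app . /app
USER app
CMD ["python", "server.py"]
"""

# Constructed sample pod spec (a Pod's 'spec', or spec.template.spec of a
# Deployment). The sidecar deliberately overrides the pod-level uid with 0
# to show that a container-level securityContext wins.
SAMPLE_POD_SPEC = {
    "securityContext": {
        "runAsUser": 2000,     # uid the container processes run as
        "runAsGroup": 2001,    # primary gid of those processes
        "fsGroup": 2001,       # gid applied to mounted volumes
        "runAsNonRoot": True,  # kubelet refuses to start a container as uid 0
    },
    "containers": [
        {"name": "app", "image": "registry.example/app:1.0"},
        {"name": "sidecar", "image": "registry.example/sidecar:1.0",
         "securityContext": {"runAsUser": 0}},
    ],
}


def _logical_lines(dockerfile):
    """Yield Dockerfile instructions with backslash continuations joined and
    blank lines and comments dropped."""
    buf = ""
    for raw in dockerfile.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def dockerfile_user(dockerfile):
    """Return the user named by the last USER instruction (the one the
    container starts as), or None if the Dockerfile never switches away
    from root."""
    user = None
    for line in _logical_lines(dockerfile):
        m = re.match(r"USER\s+(\S+)", line, re.IGNORECASE)
        if m:
            user = m.group(1)
    return user


def dockerfile_runs_as_root(dockerfile):
    """True when the image starts as root: no USER at all, or USER root / 0.
    Both 'USER name:group' and numeric 'USER 2000:2001' are accepted syntax."""
    user = dockerfile_user(dockerfile)
    if user is None:
        return True
    return user.split(":")[0] in ("root", "0")


def effective_run_as_user(pod_spec, container):
    """Return (uid, source) for one container. A container securityContext
    overrides the pod securityContext, which overrides the image's USER;
    (None, 'image') means the image's USER decides."""
    c_sc = container.get("securityContext") or {}
    p_sc = pod_spec.get("securityContext") or {}
    if "runAsUser" in c_sc:
        return c_sc["runAsUser"], "container"
    if "runAsUser" in p_sc:
        return p_sc["runAsUser"], "pod"
    return None, "image"


def pod_root_findings(pod_spec):
    """List each container that runs as uid 0, or that falls back to the
    image's USER without runAsNonRoot enforcing a non-root uid."""
    findings = []
    p_sc = pod_spec.get("securityContext") or {}
    for c in pod_spec.get("containers", []):
        uid, source = effective_run_as_user(pod_spec, c)
        c_sc = c.get("securityContext") or {}
        non_root = c_sc.get("runAsNonRoot", p_sc.get("runAsNonRoot", False))
        if uid == 0:
            findings.append(f"{c['name']}: runAsUser 0 set at {source} level")
        elif uid is None and not non_root:
            findings.append(f"{c['name']}: no runAsUser and no runAsNonRoot, image USER decides")
    return findings


if __name__ == "__main__":
    print("Dockerfile USER:", dockerfile_user(SAMPLE_DOCKERFILE))
    print("image runs as root:", dockerfile_runs_as_root(SAMPLE_DOCKERFILE))
    for finding in pod_root_findings(SAMPLE_POD_SPEC):
        print("finding:", finding)
```

One caveat worth knowing when combining the two steps: runAsNonRoot is enforced by the kubelet at container start, and when runAsUser is not set it can only verify the image's user if the Dockerfile's USER is numeric. With a name such as ‘USER app’ and no runAsUser, the container fails to start with an error that the user cannot be verified as non-root, so either set runAsUser as the post does or use a numeric uid in the USER instruction.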

