Run pod with root privileges

Most Docker containers run their processes as a non-root user for better security. If the container process runs as root (uid 0), it is the same root as on the host. In that case a user may get access to the host from the container and thus gain root privileges on the host. This is, of course, a security concern.


However, there can be cases where you need to run a container with root privileges because of permission issues with the volumes on the host.


To run a container inside a pod as root, add the following config:


apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-app
spec:
  template:
    spec:
      containers:
      - image: my-image
        name: my-app
        # ...
        securityContext:
          allowPrivilegeEscalation: false
          runAsUser: 0


Now when you enter the my-image container with docker exec or kubectl exec, you will see that the user is root.
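
To find out which containers of a workload end up running as root, you can audit the manifest instead of exec'ing into each pod. The script below is an added example, not part of the original post: it applies the rule that a container-level securityContext overrides the pod-level one, and runs over a constructed sample shaped like the output of kubectl get deployment my-app -o json (the sidecar container and the pod-level runAsUser are assumptions made for illustration).

```python
import json

# Constructed sample: pod-level default uid 1000, overridden to 0 by my-app.
SAMPLE = json.loads("""
{"kind": "Deployment", "metadata": {"name": "my-app"},
 "spec": {"template": {"spec": {
   "securityContext": {"runAsUser": 1000},
   "containers": [
     {"name": "my-app", "image": "my-image",
      "securityContext": {"allowPrivilegeEscalation": false, "runAsUser": 0}},
     {"name": "sidecar", "image": "my-sidecar"}
   ]}}}}
""")


def effective(pod_sc, ctr_sc, key):
    """Container-level securityContext wins over the pod-level value."""
    return ctr_sc.get(key, pod_sc.get(key))


def audit(workload):
    """Return (container, finding) pairs for root-related settings."""
    pod = workload["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext") or {}
    containers = (pod.get("containers") or []) + (pod.get("initContainers") or [])
    findings = []
    for ctr in containers:
        sc = ctr.get("securityContext") or {}
        uid = effective(pod_sc, sc, "runAsUser")
        non_root = effective(pod_sc, sc, "runAsNonRoot")
        if uid == 0:
            findings.append((ctr["name"], "runs as root (runAsUser: 0)"))
        elif uid is None and non_root is not True:
            # No uid pinned and no runAsNonRoot guard: the image's USER decides.
            findings.append((ctr["name"], "uid left to the image, may be root"))
        # allowPrivilegeEscalation exists only at container level.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append((ctr["name"], "allowPrivilegeEscalation not set to false"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```
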


Nicole Hiller  |  Nana Janashia

Mail: info@nnsoftware.at

©2018 by nnSoftware
