Problem:
Most Docker containers and the processes inside run with non-root user, because of better security. If the container process is running with root (uid 0) it will be the same root as on the host. In this case user may get access to host from the container, thus gaining the root privilege on the host. This is of course a security concern.
However there can be a case when you need to run a container with root privilege because of permission issues of the volumes on the host.
Solution:
In order to run a container inside a pod with root, add following config:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: my-app
spec:
template:
spec:
containers:
- image: my-image
name: my-app
...
securityContext:
allowPrivilegeEscalation: false
runAsUser: 0
Now when you enter the 'my-image' container with docker exec
or kubectl exec
, you will see that the user is root. šš¼
āļø FREE Docker & Kubernetes course āļø
I'm happy to connect with you on š