Validate that containers run as non-root #7157

@dimityrmirchev

Description

How to categorize this issue?

/area security quality
/kind enhancement

What would you like to be added:
For a lot of Gardener components we have already minimized the container images (example). For most of them we also use non-root users to run them. I propose that we enhance the securityContext of pods with the runAsNonRoot field (read more here). This will force the kubelet to validate that the containers in a pod are started with a non-root user.

Why is this needed:
This change will prevent accidentally changing the user of a container and will help validate that containers are started as we intend.
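The kubelet check the proposal relies on can be mirrored statically, which is useful as a pre-merge lint over rendered manifests. The following is an added example written for this issue, not Gardener code; the pod manifests are constructed inline (image names are placeholders), and the semantics it encodes are the documented ones: a container-level securityContext field overrides the pod-level one, and with runAsNonRoot set to true the kubelet refuses to start a container whose effective UID is 0 or whose UID it cannot verify (image USER given as a name with no runAsUser set).

```python
"""Static check of a Kubernetes pod manifest for the runAsNonRoot guarantee.

Added example for this issue; it is not Gardener project code. The manifests
below are constructed inline. Semantics mirrored: a container-level
securityContext field overrides the pod-level one, and the kubelet refuses to
start a container with runAsNonRoot: true when the effective UID is 0 or when
it cannot verify the UID (image USER is a name and no runAsUser is set).
"""
from typing import List, Tuple


def effective(pod: dict, container: dict, field: str):
    """Container securityContext wins over pod securityContext."""
    csc = container.get("securityContext") or {}
    if field in csc:
        return csc[field]
    psc = pod.get("spec", {}).get("securityContext") or {}
    return psc.get(field)


def check_pod(pod: dict) -> List[Tuple[str, str, str]]:
    """Return (container, status, detail) for every container in the pod.

    status is one of:
      ok        runAsNonRoot is true and a non-zero runAsUser is pinned
      unpinned  runAsNonRoot is true but no runAsUser: the kubelet reads the
                image USER at start and fails unless it is numeric and > 0
      root      effective runAsUser is 0 and nothing stops it
      conflict  runAsNonRoot true with runAsUser 0: fails at container start
      missing   runAsNonRoot not true; the image user is used unvalidated
    """
    spec = pod.get("spec", {})
    results = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        non_root = effective(pod, c, "runAsNonRoot") is True
        uid = effective(pod, c, "runAsUser")
        if uid == 0:
            results.append((c["name"], "conflict" if non_root else "root",
                            "runAsUser 0"))
        elif non_root and uid is None:
            results.append((c["name"], "unpinned",
                            "UID verified from image USER at start"))
        elif non_root:
            results.append((c["name"], "ok", f"runAsUser {uid}"))
        else:
            results.append((c["name"], "missing", "runAsNonRoot not true"))
    return results


def failing_containers(pod: dict) -> List[str]:
    """Names of containers that do not satisfy the non-root requirement."""
    return [name for name, status, _ in check_pod(pod) if status != "ok"]


# Constructed sample: a pod-level default with two containers overriding it.
SAMPLE_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "example"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 65532},
        "initContainers": [
            {"name": "init", "image": "example/init:placeholder"},
        ],
        "containers": [
            {"name": "app", "image": "example/app:placeholder"},
            # Overrides the pod default with UID 0: kubelet will refuse it.
            {"name": "legacy", "image": "example/legacy:placeholder",
             "securityContext": {"runAsUser": 0}},
            # Opts out of validation: runs as 65532 but nothing enforces it.
            {"name": "sidecar", "image": "example/sidecar:placeholder",
             "securityContext": {"runAsNonRoot": False}},
        ],
    },
}

if __name__ == "__main__":
    for name, status, detail in check_pod(SAMPLE_POD):
        print(f"{name:8} {status:9} {detail}")
```

The `unpinned` status is the caveat worth remembering when rolling this out: setting only `runAsNonRoot: true` is enough for images whose `USER` is numeric, but an image that sets `USER` to a name will fail to start because the kubelet cannot resolve it, so pair the field with an explicit non-zero `runAsUser` or fix the image.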

Metadata

Labels

- area/ipcei: IPCEI (Important Project of Common European Interest)
- area/quality: Output qualification (tests, checks, scans, automation in general, etc.) related
- area/security: Security related
- kind/enhancement: Enhancement, improvement, extension
