GoogleCloudPlatform/gke-autoneg-controller

Run as non-root user instead of root

Closed · 1 comment

It is not clear that there is any need to run this container as the root user. This should be updated to run as non-root, or have explicit documentation as to why a root user is required for the container.

The gcr.io/distroless/static base image has a nonroot tag that runs as a non-root user.
Additionally, the Pod spec needs the numeric uid specified in the securityContext to allow PodSecurityPolicies (or future tooling like OPA Gatekeeper) to know that it's actually running as a non-root user.
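The two changes the issue asks for, written out as an added example that is not part of the gke-autoneg-controller repository: the image is built with `FROM gcr.io/distroless/static:nonroot` (whose non-root account is uid/gid 65532), and the Deployment states that uid numerically in `securityContext` so that admission tooling can verify it from the manifest alone. The deployment name, namespace, image reference and container name are placeholders, not the project's own values.

```yaml
# Added example, not the project's manifest. Assumes the controller image was
# built FROM gcr.io/distroless/static:nonroot, whose non-root user is 65532.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: autoneg-controller        # placeholder name
  namespace: autoneg-system       # placeholder namespace
spec:
  replicas: 1
  selector:
    matchLabels:
      app: autoneg-controller
  template:
    metadata:
      labels:
        app: autoneg-controller
    spec:
      # Pod-level identity. runAsUser must be numeric: the kubelet cannot
      # resolve a symbolic USER from the image when enforcing runAsNonRoot,
      # and PSP / Gatekeeper policies only see what is in this spec.
      securityContext:
        runAsNonRoot: true        # kubelet refuses to start the container if uid is 0
        runAsUser: 65532          # distroless "nonroot" account
        runAsGroup: 65532
        fsGroup: 65532
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: manager
        image: example.com/autoneg-controller:placeholder   # placeholder image
        # Container-level hardening that a non-root static binary does not need to relax.
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
```

Setting `runAsNonRoot: true` on its own is not enough: if the image's `USER` is a name rather than a number and the manifest omits `runAsUser`, the kubelet fails the container with a "non-numeric user" error rather than guessing. After rollout, `kubectl -n autoneg-system get pod -l app=autoneg-controller -o jsonpath='{.items[0].spec.securityContext.runAsUser}'` should print `65532`, which is the value a policy engine checks.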