nsa-cisa-k8s-v1.2-running-as-non-root
Closed this issue · 1 comments
lesaux commented
UID and GID below 1000 go against nsa-cisa-k8s-v1.2 compliance
Allowed runAsGroup: {"ranges": [{"max": 65536, "min": 1000}], "rule": "MustRunAs"}
Allowed runAsUser: {"ranges": [{"max": 65536, "min": 1000}], "rule": "MustRunAs"}
Thus Gatekeeper in Kubernetes is complaining about this container.
Describe the solution you'd like
Can we make the default UID and GID above 1000?
Describe alternatives you've considered
I could rebuild my own image but I believe this will benefit the community.
alessfg commented
Hey @lesaux, and sorry for the late reply! I'll keep things short -- after some internal chats we have decided to not switch the default UID/GID.
However, the Dockerfiles here are built in such a way that you should be able to easily rebuild them and change the UID/GID using build args; and, I've gone ahead and added a couple lines to the troubleshooting tips on the README detailing how to do so in 9d9d3b0 😄
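
The following is an added example, not part of the issue thread or the project's code. It is a Python approximation of the `MustRunAs` range check quoted in the issue, not Gatekeeper's own policy logic. It assumes container-level `securityContext` overrides the pod-level value and that an unset field counts as a violation; the pod specs, container name, image name and IDs are constructed.

```python
# Added example: approximates a MustRunAs range check; not Gatekeeper's own Rego.
# Ranges copied from the constraint quoted in the issue.
POLICY = {
    "runAsUser": {"rule": "MustRunAs", "ranges": [{"min": 1000, "max": 65536}]},
    "runAsGroup": {"rule": "MustRunAs", "ranges": [{"min": 1000, "max": 65536}]},
}


def effective(pod_sc, container_sc, field):
    """Container-level securityContext overrides the pod-level value."""
    if field in container_sc:
        return container_sc[field]
    return pod_sc.get(field)


def violations(pod_spec, policy=POLICY):
    """Return a list of (container, field, reason) for every failed check."""
    found = []
    pod_sc = pod_spec.get("securityContext") or {}
    for c in pod_spec.get("containers", []):
        c_sc = c.get("securityContext") or {}
        for field, rule in policy.items():
            value = effective(pod_sc, c_sc, field)
            if value is None:
                # Assumption: an unset field fails MustRunAs, because the
                # admission check cannot see the USER baked into the image.
                found.append((c["name"], field, "not set"))
            elif not any(r["min"] <= value <= r["max"] for r in rule["ranges"]):
                found.append((c["name"], field, f"{value} outside allowed ranges"))
    return found


# Constructed pod specs; names, image and IDs are illustrative only.
LOW_ID_POD = {
    "securityContext": {"runAsUser": 999, "runAsGroup": 999},
    "containers": [{"name": "web", "image": "example/web:placeholder"}],
}
REBUILT_POD = {
    "securityContext": {"runAsUser": 999, "runAsGroup": 999},
    "containers": [{"name": "web", "image": "example/web:placeholder",
                    "securityContext": {"runAsUser": 1001, "runAsGroup": 1001}}],
}

if __name__ == "__main__":
    for label, spec in (("low-id", LOW_ID_POD), ("rebuilt", REBUILT_POD)):
        print(label, violations(spec))
```

Running a check like this against rendered manifests before deployment shows which containers would be rejected at admission under the quoted ranges.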