I have a question regarding the runAsUser field in the pod security context. When we add . . .

Nikhil Rajan:
I have a question regarding the runAsUser field in the pod security context. When we add runAsUser as 2000, does this mean that the user ID will be created in the container, or do we first have to have an existing user with user ID 2000?

Fernando Jordan Silva:
No, the user is not created. If the user exists in the Docker image, the container can use it. If the user doesn’t exist, the pod can use it but with limitations (no home, it’s not in /etc/passwd, no privileges...)

Fernando Jordan Silva:
You can check it by opening a shell in your pod and executing “uid”
kubectl exec -it <pod> -- uid

Nikhil Rajan:
So I should pass the user creation in the Dockerfile then

Nikhil Rajan:
@Fernando Jordan Silva, would I be able to add a NET_ADMIN capability for this user if specified in the manifest file?

Fernando Jordan Silva:
Yes, the capabilities field is used for that