kube-dns cannot run as non-root user #190

@diegs

I attempted to run kube-dns as a non-root user by modifying the example YAML files to:

  • have dnsmasq serve on a high port using the --port flag
  • fix the service to point at the high port
  • add a non-root security context to the pod

This seems like it would be sufficient, but then I found that there are several hard-coded assumptions in the container image that dnsmasq will run as root:

https://github.com/kubernetes/dns/blob/master/images/dnsmasq/Dockerfile.cross
https://github.com/kubernetes/dns/blob/master/images/dnsmasq/dnsmasq.conf

Unless there is a strong reason why dnsmasq needs to run as root, I think it would be a better practice to run it as non-root.
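
The three manifest changes listed in the issue, written out as an added sketch. This is not the reporter's YAML or the project's own manifest: the object names, labels, port 10053, UID 1000 and the image placeholder are assumptions. The issue reports that these changes alone were not sufficient, because the container image assumes dnsmasq runs as root.

```yaml
# Added illustration; all names and values here are assumed, not taken from the issue.
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
spec:
  selector:
    k8s-app: kube-dns
  ports:
  - name: dns
    protocol: UDP
    port: 53            # clients keep querying the service on 53
    targetPort: 10053   # forwarded to the unprivileged port in the pod
  - name: dns-tcp
    protocol: TCP
    port: 53
    targetPort: 10053
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kube-dns
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
    spec:
      securityContext:
        runAsNonRoot: true   # kubelet refuses to start a container that would run as UID 0
        runAsUser: 1000      # assumed UID; the image must be usable by this user
      containers:
      - name: dnsmasq
        image: "<dnsmasq-image>"   # placeholder, not a real image reference
        args:
        # existing dnsmasq arguments stay as they are; only the port is added
        - --port=10053             # ports below 1024 need root or CAP_NET_BIND_SERVICE
        ports:
        - containerPort: 10053
          name: dns
          protocol: UDP
        - containerPort: 10053
          name: dns-tcp
          protocol: TCP
```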

Labels: lifecycle/rotten (Denotes an issue or PR that has aged beyond stale and will be auto-closed.)
