Member-only story
Run nginx as unprivileged user in Docker container on Kubernetes
While on production, it is important to run your containers as non root users to avoid any security vulnerabilities.
The rationale
From security perspective, running a process on container as root user is as bad as running a process as root on host machine itself. If a user manages to break out of an application running as root in a container, he may be able to gain access to the host with the same root user. More information about this can be found at this interesting blog post.
Prerequisites
We will be using helm for deploying our nginx application on kubernetes.
Create helm charts
The first thing we need to create is a deployment.yaml. The most basic deployment.yaml as given on official kubernetes docs looks like this. Here we have used the nginx unprivileged docker image instead of the nginx image. We can trust this image because it is also maintained and published by nginxinc.