Can we provide a user name for a pod/containers to run as in Kubernetes?


In the Pod specification, there is an option to specify the user ID that all containers need to run as:

podSecurityContext:
  runAsUser: <a numeric Id>

Is there a way we can change the user name as well, the way we have for Windows pods and containers, like below?

  securityContext:
    windowsOptions:
      runAsUserName: "ContainerUser"


There is 1 answer

Wytrzymały Wiktor On

Unfortunately, there is no such way. WindowsSecurityContextOptions contains Windows-specific options and credentials. PodSecurityContext allows you to use:

  • securityContext.runAsUser (int64)

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

  • securityContext.runAsNonRoot (boolean)

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

  • securityContext.runAsGroup (int64)

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

Trying to use a String instead of an Integer for runAsUser will result in an error:

invalid type for io.k8s.api.core.v1.SecurityContext.runAsUser: got "string", expected "integer"
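
The rules quoted in the answer above (integer-only runAsUser, a container-level securityContext overriding the pod-level one, runAsNonRoot refusing UID 0), as an added example that is not part of the original answer and is not Kubernetes code. The function names, the image_uid parameter and the sample pod spec are assumptions made for illustration.

```python
# Added example: models the field rules quoted in the answer; not Kubernetes code.
FIELDS = {"runAsUser": int, "runAsGroup": int, "runAsNonRoot": bool}


def check_type(scope, ctx):
    """Reject values whose type differs from the API schema (int64 / boolean)."""
    for name, expected in FIELDS.items():
        value = ctx.get(name)
        if value is None:
            continue
        # bool is a subclass of int in Python, so exclude it for the int64 fields.
        bool_as_int = expected is int and isinstance(value, bool)
        if not isinstance(value, expected) or bool_as_int:
            raise TypeError(f"{scope}.{name}: got {type(value).__name__}, expected {expected.__name__}")


def effective_contexts(pod_spec, image_uid=None):
    """Return {container name: effective settings} for a parsed pod spec.

    image_uid stands in for the numeric user from image metadata (assumption:
    one image for every container, to keep the example short).
    """
    pod_ctx = pod_spec.get("securityContext") or {}
    check_type("spec.securityContext", pod_ctx)
    result = {}
    for c in pod_spec["containers"]:
        ctx = c.get("securityContext") or {}
        check_type(f"containers[{c['name']}].securityContext", ctx)
        # Container-level value wins; otherwise fall back to the pod-level value.
        eff = {k: ctx[k] if ctx.get(k) is not None else pod_ctx.get(k) for k in FIELDS}
        uid = eff["runAsUser"] if eff["runAsUser"] is not None else image_uid
        # runAsNonRoot: the container is refused when it would run as UID 0.
        eff["starts"] = not (eff["runAsNonRoot"] and uid == 0)
        result[c["name"]] = eff
    return result


# Constructed sample pod spec (already parsed from YAML into a dict).
SAMPLE = {
    "securityContext": {"runAsUser": 1000, "runAsGroup": 3000, "runAsNonRoot": True},
    "containers": [
        {"name": "app"},
        {"name": "sidecar", "securityContext": {"runAsUser": 0}},
    ],
}

if __name__ == "__main__":
    for name, eff in effective_contexts(SAMPLE).items():
        print(name, eff)
```

The sidecar inherits runAsNonRoot from the pod level but overrides runAsUser with 0, so it is the container that would be refused.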