add non-root directive to SC and kubelet checking

2025-11-20 16:35:12 +00:00 · 2015-08-10 13:30:34 -04:00
parent 72db123025
commit e490c20c22
11 changed files with 356 additions and 0 deletions
--- a/pkg/api/types.go
+++ b/pkg/api/types.go
@@ -2166,6 +2166,11 @@ type SecurityContext struct {

 	// RunAsUser is the UID to run the entrypoint of the container process.
 	RunAsUser *int64 `json:"runAsUser,omitempty"`
+
+	// RunAsNonRoot indicates that the container should be run as a non-root user.  If the RunAsUser
+	// field is not explicitly set then the kubelet may check the image for a specified user or
+	// perform defaulting to specify a user.
+	RunAsNonRoot bool
 }

 // SELinuxOptions are the labels to be applied to the container.