Any point in running containers as non-root on openshift

root containers kubernetes openshift

Solution 1:

The correct approach to security should be using the minimum required privileges.

If something doesn't really need root access, it shouldn't have it.

Solution 2:

One can never say there is enough security in place, some other guy will always find a way to crack that sooner or later, whether it's with technological know-how, social engineering, or some other method I'm not aware of it will happen.

It's all depends on how important it is to you and what type or level of attackers are you expecting to encounter. If you're willing to take the risk or not that's your decision (or your company's one), but since you're using Openshift, a security-focused "version\distro" of Kubernetes I think you'll be more inclined to go to the security heavy approach.

Also, think how much of an inconvenience that would be to you? If not much I think it's worth a shot, if not then consult your answer to paragraph 2.

cri-o and podman have better design when speaking security wise but they're not free of issues just as well as docker isn't.

Related

How to set value of ipa_hostname directive in sssd.conf using Augeas
nginx prevent cache for proxy/fast_cgi on response 5xx
How can I use IIS administration commandlets on Windows Server 2012 R2?
DDOS Attack to http server and iptables doesn't help (i have access_log) [duplicate]
How to implement a uptime-monitoring and forced shutdown after a defined uptime with notifications and countdown [closed]
How do you port forward a privileged sub-1024 port to a non-privileged 1024+ port with firewalld?
Ubuntu 20.04 routing for just one IP (in the same subnet) ends in "dev lo" instead "dev eth0", kubernetes worker node can't connect to master node
NFS: control file/folder access using groups on the server
Routing from mikrotik two IP addresses to same gateway
Postfix service enabled but won't start on reboot
How to scale OpenVPN when client-to-client is a must?
Apache 2 Fast CGI php issue