Overview
"Distroless" images contain only your application and its runtime dependencies. They do not contain package managers, shells or any other programs you would expect to find in a standard Linux distribution.
Default Users
| Users | id | group |
|---|---|---|
| root | ||
| nonroot | 65532 | 65532 |
To define the nonroot user in a kubernetes pod/deployment you will need to set the securityContext as defined below:
spec:
template:
spec:
securityContext:
runAsUser: 65532
fsGroup: 65532
References
| Reference | URL |
|---|---|
| "Distroless" Container Images | https://github.com/GoogleContainerTools/distroless |
| How to add a directory where non-root user can write #427 | https://github.com/GoogleContainerTools/distroless/issues/427 |