I have a question about how Kubernetes maps the host's users to users in the containers' user namespace.
Basically, when I create a securityContext with runAsUser set to a UID that exists in the host user namespace, I can see in the host's `ps -aux`
output that the process is started with this specific UID (and therefore the same username). This leads to weird things such as sshd running the sleep command when I pass runAsUser: 106 in the pod securityContext.
[image: sshdSleepingImage]
Therefore, I think that Kubernetes (or containerd?) maps the host UID 106 to the container user namespace UID 106. Is that the expected behaviour?
Wouldn't it be more logical to map the host's nobody user (or at least another user or UID) to the user in the container user namespace?
Thanks in advance for the answers
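The mapping the question describes can be checked directly from the kernel's own view: each process has a `/proc/<pid>/uid_map` whose lines read `<inside-start> <outside-start> <length>`, and the host UID is `outside-start + (uid - inside-start)` for the range containing the UID. The script below is an added example, not code from the original post or from Kubernetes; it parses constructed `uid_map` contents (the identity map `0 0 4294967295` that a process has when it runs in the host user namespace, and an assumed 65536-wide offset map such as a runtime might set up when a separate user namespace is used) and shows why `runAsUser: 106` lands on the host's UID 106 in the first case but not the second.

```shell
#!/bin/sh
# Added example (not from the original post): translate a UID as seen inside a
# container into the UID the host kernel uses, by reading the container's
# /proc/<pid>/uid_map the same way the kernel does.
#
# Each uid_map line is: <inside-start> <outside-start> <length>.
# A process that shares the host's user namespace has the identity map
# "0 0 4294967295", so container UID 106 *is* host UID 106, which is why the
# host's `ps` lists the pod's sleep process under the host's sshd user.

# Usage: container_to_host_uid <container-uid> "<uid_map contents>"
# Prints the host UID, or "unmapped" when the UID lies outside every range.
container_to_host_uid() {
  uid=$1
  host=$(printf '%s\n' "$2" | while read -r inside outside length; do
    [ -z "$inside" ] && continue
    if [ "$uid" -ge "$inside" ] && [ "$uid" -lt $((inside + length)) ]; then
      echo $((uid - inside + outside))
      break
    fi
  done)
  if [ -n "$host" ]; then
    echo "$host"
  else
    echo "unmapped"
  fi
}

# Constructed sample maps (what `cat /proc/<pid>/uid_map` would print).
IDENTITY_MAP="0 0 4294967295"     # pod sharing the host user namespace
# Assumed two-range map for a pod in its own user namespace (illustrative
# values, not a mapping taken from any particular runtime):
USERNS_MAP="0 100000 65536
65536 200000 1000"

container_to_host_uid 106 "$IDENTITY_MAP"   # 106: collides with the host's sshd UID
container_to_host_uid 106 "$USERNS_MAP"     # 100106: a UID no host service uses
container_to_host_uid 65540 "$USERNS_MAP"   # 200004: second range of the map
container_to_host_uid 70000 "$USERNS_MAP"   # unmapped: outside both ranges
```

To check a real pod, run `cat /proc/self/uid_map` inside the container (for example via `kubectl exec`) and compare it with the host's `ps -o uid,pid,cmd` output. Kubernetes pods run in the host's user namespace by default; the `hostUsers: false` pod field opts into a separate user namespace where the node's runtime supports it, and until then picking a high, unallocated UID for runAsUser is the usual way to avoid colliding with host service accounts such as sshd's.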