I have a question about how Kubernetes maps the host users to the containers' user namespace users.
Basically, when I create a securityContext with runAsUser set to a uid which exists in the host user namespace, I can see in the host ps -aux output that the process is started with this specific uid (and therefore the same username). This leads to weird things such as sshd running the sleep command when I pass runAsUser: 106 in the pod securityContext.
Therefore, I think that Kubernetes (or containerd?) maps the host uid 106 to the container user namespace uid 106. Is it the expected behaviour?
Wouldn't it be more logical to map the nobody user of the host (or at least another user or uid) to the user in the container user namespace?
Thanks in advance for the answers
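
The observation in the question, as an added example that is not part of the original post: it translates a container uid to the uid the host kernel records by reading the `/proc/<pid>/uid_map` format, then resolves the name the way `ps` does on the host. The passwd entries, both uid_map samples and all function names are constructed for illustration; the second map assumes a process placed in its own user namespace.

```python
# Added illustration; all sample data is constructed, not taken from a real host.
HOST_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
sshd:x:106:65534::/run/sshd:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""
# /proc/<pid>/uid_map columns: first uid inside the namespace,
# first uid outside it, and the length of the mapped range.
SHARED_USERNS_MAP = "         0          0 4294967295\n"    # shares the host user namespace
REMAPPED_USERNS_MAP = "         0     100000      65536\n"  # assumed separate user namespace


def parse_uid_map(text):
    """Return a list of (inside_start, outside_start, length) tuples."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3:
            ranges.append(tuple(int(f) for f in fields))
    return ranges


def to_host_uid(ranges, container_uid):
    """Translate a uid seen in the container to the uid the host kernel records."""
    for inside, outside, length in ranges:
        if inside <= container_uid < inside + length:
            return outside + (container_uid - inside)
    return None  # uid has no mapping in this namespace


def host_username(passwd_text, uid):
    """Resolve a uid against the host passwd data; fall back to the number, as ps does."""
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 3 and parts[2] == str(uid):
            return parts[0]
    return str(uid)


def ps_user_column(uid_map_text, run_as_user, passwd_text=HOST_PASSWD):
    """Name that ps on the host would show for a container process with run_as_user."""
    host_uid = to_host_uid(parse_uid_map(uid_map_text), run_as_user)
    return None if host_uid is None else host_username(passwd_text, host_uid)


if __name__ == "__main__":
    print(ps_user_column(SHARED_USERNS_MAP, 106))    # name owned by host uid 106
    print(ps_user_column(REMAPPED_USERNS_MAP, 106))  # shifted uid with no host name
```

On a real node, comparing `/proc/<pid>/uid_map` of the container process with `/proc/1/uid_map` shows which of the two cases applies.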