How can I create an image not running with root user?

[beatjost]

Description of the issue:
Default configuration gives me the following warning:

Image docker.io/company/app runs as the root user which might not be permitted by your cluster administrator.

Expected behavior:
Possibility to set a user or automatically use a specific user.

Steps to reproduce:

• just run gradlew jib
• pull image from registry (e.g. on openshift)
  -> warning that images runs on root user...

Environment:

jib-gradle-plugin Configuration:

jib {
  to {
    image = 'company/app:'+version
    auth {
      ...
    }
  }
}

[coollog]

Hi @beatjost , do you happen to be running the image with docker? If so, you can run the image with a specific user. I'd recommend 1000 as a default:

docker run --user 1000 <image>

If you are running on Kubernetes, I would recommend always running pods with a security context:

Example from that page:

apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo-2
spec:
  securityContext:
    runAsUser: 1000
  containers:
  - name: sec-ctx-demo-2
    image: gcr.io/google-samples/node-hello:1.0
    securityContext:
      runAsUser: 2000
      allowPrivilegeEscalation: false

[beatjost]

Thank you for your reply - will try with 'security context'...