Configure a Non-Root Install
Prevent Couchbase Server containers from running as root.
When using Kubernetes all pods are run as root by default.
This is a security concern for many enterprises, so they enforce pods be run as a non-root user.
By default, Couchbase server pods will change their user to
couchbase (UID 1000), however performing a
kubectl exec into a pod still runs as root.
This how-to shows how to run as a non-root user in all circumstances.
Red Hat OpenShift users should already have mandatory user randomization, so can ignore this guide.
Non-root Couchbase Server installs are configured as follows:
apiVersion: couchbase.com/v2 kind: CouchbaseCluster spec: securityContext: runAsNonRoot: false (1) runAsUser: 1000 (2)