I am atm trying to get familiar with cdk8s and try to deploy a container to a cluster. All this is working fine until I want to run the container as root user (I know it’s not best practice but I want to have the option to).
I have the following class:

    export class WebService extends Chart {
        Service: kplus.Service
        IngressBackend: kplus.IngressBackend
        Container: kplus.Container

        constructor(scope: Construct, id: string, props: WebServiceProps) {
            super(scope, id)
            const port = props.port || 80
            // const containerPort = props.containerPort || 8080
            const label = { app: Names.toDnsLabel(this) }
            const replicas = props.replicas ?? 1
            const deployment = new kplus.Deployment(scope, Names.toDnsLabel(this), {
                replicas: replicas,
                metadata: { labels: label },
            })
            this.Container = deployment.addContainer({
                image: props.image,
                port: port,
            })
        }
    }

The Webservice has an interface which declares all the necessary stuff.
I would expect this to work:

    this.Container = deployment.addContainer({
        image: props.image,
        port: port,
        securityContext: {
            runAsNonRoot: false,
        },
    })

But it seems the runAsNonRoot option is not part of the ContainerSecurityContextProps interface. The option is part of the underlying SecurityContext interface, so I was thinking about using an escape hatch: https://cdk8s.io/docs/latest/basics/escape-hatches/ but honestly I have no clue how to even start with that (I am relatively new to TypeScript so I don’t really understand the documentation for it).
If somebody could point out to me how to use the escape-hatches that would be awesome.
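
An added example, not part of the original post: a self-contained sketch of what a JSON-patch escape hatch does to the synthesized Deployment. `applyPatch`, `tokens` and the sample manifest are constructed for illustration; in a chart the same operation is expressed with cdk8s's own `ApiObject.of(deployment).addJsonPatch(JsonPatch.add(path, false))`.

```typescript
// JSON Pointer to the first container's runAsNonRoot field in a Deployment.
const RUN_AS_NON_ROOT = '/spec/template/spec/containers/0/securityContext/runAsNonRoot';

type Json = null | boolean | number | string | Json[] | { [key: string]: Json };
interface PatchOp { op: 'add' | 'replace'; path: string; value: Json }

// Split an RFC 6901 pointer into unescaped reference tokens.
function tokens(path: string): string[] {
  if (path.charAt(0) !== '/') throw new Error(`invalid pointer: ${path}`);
  return path.slice(1).split('/').map(t => t.replace(/~1/g, '/').replace(/~0/g, '~'));
}

// Apply 'add'/'replace' ops on object members (a subset of RFC 6902) to a deep copy.
function applyPatch(manifest: Json, ops: PatchOp[]): Json {
  const doc: Json = JSON.parse(JSON.stringify(manifest));
  for (const { op, path, value } of ops) {
    const keys = tokens(path);
    const last = keys.pop() as string;
    let node: Json = doc;
    for (const k of keys) {
      const next: Json | undefined = Array.isArray(node) ? node[Number(k)]
        : node !== null && typeof node === 'object' ? node[k] : undefined;
      if (next === undefined) throw new Error(`${path}: parent "${k}" does not exist`);
      node = next;
    }
    if (node === null || typeof node !== 'object' || Array.isArray(node))
      throw new Error(`${path}: parent is not an object`);
    if (op === 'replace' && !(last in node)) throw new Error(`${path}: nothing to replace`);
    node[last] = value;
  }
  return doc;
}

// Constructed sample: trimmed shape of a synthesized Deployment (assumed, not real output).
const synthesized: Json = {
  kind: 'Deployment',
  spec: { template: { spec: { containers: [
    { name: 'main', image: 'example/web:1.0', securityContext: { runAsNonRoot: true } },
  ] } } },
};

// 'add' sets the member whether or not it already exists; 'replace' fails if it is absent.
// In a chart: ApiObject.of(deployment).addJsonPatch(JsonPatch.add(RUN_AS_NON_ROOT, false))
const patched = applyPatch(synthesized, [{ op: 'add', path: RUN_AS_NON_ROOT, value: false }]);
console.log(JSON.stringify(patched, null, 2));
```

The patch addresses containers by index, so it has to be revisited if containers are added or reordered in the deployment.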