Running calico as non-root user

[LyKos4]

Are there security dangers in running the calico pods' containers as root user in a kubernetes cluster?
If so, what are they? (Please describe scenario)
Also, are all pods affected? Either they are accessible with bash/sh or not?

Is there a way to run calico pods with a non-privileged user with no problems?

[frozenprocess]

@Behnam-Shobiri could you please help with this question?

[anthonytwh]

Hi @LyKos4, there are always risks with running any pod (Calico or otherwise) as root. You can find documentation about non-root mode for Calico here: https://docs.tigera.io/calico/latest/network-policy/non-privileged. Shell access to our pods/containers are restricted and removed from the image at build time where it is not needed.