> ## Documentation Index
> Fetch the complete documentation index at: https://cloudanix.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Container run as root user

### Event Information

#### Meaning

* The Container Run as Root User event in a Kubernetes cluster indicates that a container is running with the root user privileges.
* Running containers as the root user can pose a security risk as it grants unrestricted access to the underlying host system.
* Compliance standards such as CIS Kubernetes Benchmark recommend running containers with non-root users to minimize the potential impact of security vulnerabilities.

To address this event:

* Identify the specific container that is running as the root user by checking the container's security context or the user specified in the Dockerfile.
* Update the container's security context or Dockerfile to run as a non-root user.
* Use Kubernetes Role-Based Access Control (RBAC) to restrict the permissions of the container and limit its access to the host system.

#### Remediation

To remediate the event "Container Run as Root User" using the Python Kubernetes API, you can follow these steps:

1. Identify the affected deployment or pod:
   * Use the Kubernetes API to list all deployments or pods in the cluster.
   * Filter the list to find the deployment or pod that triggered the event.

2. Update the deployment or pod manifest:
   * Modify the security context of the container to run as a non-root user.
   * Set the `runAsNonRoot` field to `true` in the container's security context.
   * Optionally, specify a specific user ID or group ID to run the container as.

3. Apply the updated manifest:
   * Use the Kubernetes API to apply the updated deployment or pod manifest.
   * Use the Python Kubernetes API client to send a PATCH request to the Kubernetes API server with the updated manifest.

Here's an example of how you can use the Python Kubernetes API to remediate the event:

```python theme={null}
from kubernetes import client, config

# Load the Kubernetes configuration
config.load_kube_config()

# Create an instance of the Kubernetes API client
api_client = client.ApiClient()

# Identify the affected deployment or pod
deployment_name = "your-deployment-name"
namespace = "your-namespace"

# Get the deployment manifest
deployment = api_client.call_api(
    f"/apis/apps/v1/namespaces/{namespace}/deployments/{deployment_name}",
    "GET",
    response_type=client.V1Deployment,
)

# Modify the security context of the container
container = deployment.spec.template.spec.containers[0]
container.security_context = client.V1SecurityContext(run_as_non_root=True)

# Apply the updated manifest
api_client.call_api(
    f"/apis/apps/v1/namespaces/{namespace}/deployments/{deployment_name}",
    "PATCH",
    body=deployment,
    response_type=client.V1Deployment,
)
```

Please note that you need to replace `"your-deployment-name"` and `"your-namespace"` with the actual names of the affected deployment or pod and its namespace.
