Neo4j Docker image cannot run on kubernetes as non root user

In Kubernetes (K8S), various levels of security can be set that apply cluster-wide to Pods running containers. One of these is a policy that prevents containers within a Pod from running as the root user (runAsNonRoot).

If this policy is set, but the Pod definition for your K8S cluster does not override the securityContext > runAsUser value, then when the neo4j container(s) try to start you will see an error along the lines of:

Error: container has runAsNonRoot and image will run as root

To resolve this issue, make sure that your K8S cluster's Pod definition contains something similar to the following:

apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo
spec:
  securityContext:
    runAsUser: 1000
....

runAsUser is the UID used to run the entrypoint of the container process, in this case Neo4j’s. The value is a high number chosen to avoid conflicts with the host’s user table.
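The start-up decision described above can be checked before deploying. The following is an added example, not Neo4j or Kubernetes code: a simplified model of the runAsNonRoot check applied to a parsed Pod manifest. It assumes the image's USER value is supplied by the caller (empty meaning the image sets none and runs as root); the function names, the constructed manifests, the `neo4j:3.5` image tag and the reason strings other than the error quoted above are illustrative.

```python
# Added example: simplified model of the runAsNonRoot start-up check.
PAGE_ERROR = "container has runAsNonRoot and image will run as root"

def effective(pod_spec, container, key):
    """Container-level securityContext wins over the Pod-level one."""
    ctr_sc = container.get("securityContext") or {}
    pod_sc = pod_spec.get("securityContext") or {}
    return ctr_sc[key] if key in ctr_sc else pod_sc.get(key)

def check_container(pod_spec, container, image_user=""):
    """Return None if the container may start, else a reason string.

    image_user is the image's USER value ("" when the image sets none,
    which means root). It is supplied by the caller (assumption).
    """
    if not effective(pod_spec, container, "runAsNonRoot"):
        return None  # non-root was not requested for this container
    uid = effective(pod_spec, container, "runAsUser")
    if uid is not None:
        # An explicit runAsUser decides the outcome; the image is ignored.
        return "runAsUser is 0 (root)" if uid == 0 else None
    user = image_user.split(":")[0]  # USER may be "uid:gid"
    if user == "":
        return PAGE_ERROR
    if user.isdigit():
        return PAGE_ERROR if int(user) == 0 else None
    return "image USER %r is not numeric, cannot verify non-root" % user

def check_pod(manifest, image_users=None):
    """Map container name -> reason for every container that would fail."""
    spec = manifest.get("spec") or {}
    image_users = image_users or {}
    failures = {}
    for ctr in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        reason = check_container(spec, ctr, image_users.get(ctr["image"], ""))
        if reason:
            failures[ctr["name"]] = reason
    return failures

# Constructed manifests (as parsed YAML); the image tag is illustrative.
BROKEN = {"kind": "Pod", "spec": {
    "securityContext": {"runAsNonRoot": True},
    "containers": [{"name": "neo4j", "image": "neo4j:3.5"}]}}
FIXED = {"kind": "Pod", "spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 1000},
    "containers": [{"name": "neo4j", "image": "neo4j:3.5"}]}}

if __name__ == "__main__":
    print(check_pod(BROKEN))  # neo4j fails with the error quoted above
    print(check_pod(FIXED))   # {}
```

A container-level securityContext overrides the Pod-level one, so a container that sets runAsUser: 0 is still rejected even when the Pod-level value is 1000.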

  • Last Modified: 2020-09-23 21:26:58 UTC by Kambiz Chehresa.
  • Relevant for Neo4j Versions: 3.4, 3.5.
  • Relevant keywords: kubernetes, docker, security.