Running docker processes as root or a user?

We are working on improving our dockerfiles. One question commonly asked by my team whether we should run docker processes as root or create stand alone user for that.

USER foo_user
COPY --chown=foo_user:foo_user 

Tho Docker recommended solution is stand alone user. I wanted to confirm with you if it is also necessary and recommended way for our kubernetes setup.
Based on my investigation we already have some cluster/pod security policies defined with clusters created by Qovery.
So I wanted to confirm if such extra measures are required as well as if it may have some implications on our deployments, failover strategies etc.
Thank you in advance!


Yes, running as non-root is a best security practice for containers.
Security is by layer, so even if there are pod policies in place, if you don’t need your application to use root, you should aim to have a local user in your container.