Run Containers as a Non-root User
For TiDB Operator containers, you can configure security context in the Helm file. All TiDB Operator components (at <controllerManager/scheduler/advancedStatefulset/admissionWebhook>.securityContext) support this configuration.
Configure containers controlled by CR
For the containers controlled by a Custom Resource (CR), you can configure the security context in any of the CRs (TidbCluster/DmCluster/TidbInitializer//Backup/BackupSchedule/Restore) to make the containers run as a non-root user.
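
One way to check the result after applying these settings, as an added example that is not part of the TiDB Operator documentation: it reads pod JSON in the shape produced by `kubectl get pods -o json` and reports each container's effective run-as setting, with container-level values overriding pod-level ones. The sample input, pod names, and status labels are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get pods -o json`; all names and UIDs are made up.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "sample-operator-pod"},
  "spec": {"securityContext": {"runAsUser": 1000, "runAsGroup": 2000, "fsGroup": 2000},
           "containers": [{"name": "main"}]}},
 {"metadata": {"name": "sample-cr-pod"},
  "spec": {"securityContext": {"runAsUser": 1000},
           "initContainers": [{"name": "init", "securityContext": {"runAsUser": 0}}],
           "containers": [{"name": "main"}]}},
 {"metadata": {"name": "sample-unset-pod"},
  "spec": {"containers": [{"name": "main"},
                          {"name": "guard", "securityContext": {"runAsNonRoot": true}}]}}
]}
""")

def classify(pod_sc, ctr_sc):
    """Run-as status of one container; container-level fields override pod-level ones."""
    def effective(field):
        return ctr_sc.get(field, pod_sc.get(field))
    uid = effective("runAsUser")
    if uid is not None:
        return "root" if uid == 0 else "non-root"
    if effective("runAsNonRoot"):
        # No UID set, but the kubelet refuses to start the container as UID 0.
        return "non-root-enforced"
    return "image-default"  # UID comes from the image and may be 0

def audit(pod_list):
    """Map 'pod/container' to its status, init containers included."""
    report = {}
    for pod in pod_list.get("items", []):
        spec = pod["spec"]
        pod_sc = spec.get("securityContext") or {}
        for ctr in spec.get("initContainers", []) + spec.get("containers", []):
            key = f'{pod["metadata"]["name"]}/{ctr["name"]}'
            report[key] = classify(pod_sc, ctr.get("securityContext") or {})
    return report

def findings(pod_list):
    """Containers that run as root or leave the UID to the image."""
    return sorted(k for k, v in audit(pod_list).items() if v in ("root", "image-default"))

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{status:18} {name}")
```

An init container that sets its own runAsUser of 0 is reported as root even when the pod-level security context is non-root, which is the case a pod-level check alone misses.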