What’s the difference between runAsUser=0 and privileged=true? The docs say that privileged=true is equal to running the container process as the root user… but isn’t that the same as setting the pod user to 0, which again is the root user on the host? I can’t fully understand the difference between those two settings.
runAsUser 0 grants root access within the container itself. It also grants root access to any filesystems from the host that are mounted within the container.
privileged additionally grants access to the host’s operating system, including all capabilities such as changing kernel parameters, interacting with device drivers, etc., unless you restrict some of those capabilities with capability drop.
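An added example (not part of the question or the answer above) that makes the distinction visible from inside a container: it decodes the effective UID and the `CapEff` capability mask from `/proc/<pid>/status`. The two sample status strings are constructed, the non-privileged one assumes the default capability set of common runtimes such as Docker and containerd, and the `HOST_LEVEL` selection is an illustrative assumption.

```python
import re

# Capability names indexed by bit number (linux/capability.h, bits 0-40).
CAP_NAMES = [
    "CHOWN", "DAC_OVERRIDE", "DAC_READ_SEARCH", "FOWNER", "FSETID", "KILL",
    "SETGID", "SETUID", "SETPCAP", "LINUX_IMMUTABLE", "NET_BIND_SERVICE",
    "NET_BROADCAST", "NET_ADMIN", "NET_RAW", "IPC_LOCK", "IPC_OWNER",
    "SYS_MODULE", "SYS_RAWIO", "SYS_CHROOT", "SYS_PTRACE", "SYS_PACCT",
    "SYS_ADMIN", "SYS_BOOT", "SYS_NICE", "SYS_RESOURCE", "SYS_TIME",
    "SYS_TTY_CONFIG", "MKNOD", "LEASE", "AUDIT_WRITE", "AUDIT_CONTROL",
    "SETFCAP", "MAC_OVERRIDE", "MAC_ADMIN", "SYSLOG", "WAKE_ALARM",
    "BLOCK_SUSPEND", "AUDIT_READ", "PERFMON", "BPF", "CHECKPOINT_RESTORE",
]

# Assumption: an illustrative subset of capabilities that reach the host
# kernel (kernel parameters, modules, raw devices), chosen for this example.
HOST_LEVEL = {"SYS_ADMIN", "SYS_MODULE", "SYS_RAWIO", "SYS_BOOT",
              "SYS_TIME", "NET_ADMIN", "MAC_ADMIN", "BPF"}

# Constructed samples of the relevant /proc/<pid>/status lines.
ROOT_DEFAULT = "Uid:\t0\t0\t0\t0\nCapEff:\t00000000a80425fb\n"     # runAsUser: 0
ROOT_PRIVILEGED = "Uid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"  # privileged: true


def parse_status(text):
    """Return (effective uid, set of effective capability names)."""
    # Uid line holds real, effective, saved and filesystem uid; take the second.
    uid = int(re.search(r"^Uid:\s+\d+\s+(\d+)", text, re.M).group(1))
    mask = int(re.search(r"^CapEff:\s+([0-9a-fA-F]+)", text, re.M).group(1), 16)
    caps = {name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1}
    return uid, caps


def describe(text):
    """Summarise who the process is (uid) versus what it may do (capabilities)."""
    uid, caps = parse_status(text)
    return {"root": uid == 0,
            "n_caps": len(caps),
            "host_level": sorted(caps & HOST_LEVEL)}


if __name__ == "__main__":
    # Run inside each container to compare the real values.
    with open("/proc/self/status") as f:
        print(describe(f.read()))
```

Both samples report UID 0; only the privileged one holds capabilities such as `SYS_ADMIN` and `SYS_MODULE`.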