CIS-1.6 profile, root containers allowed?


I recently set up an RKE2 test cluster where I used the profile: cis-1.6 as an option during installation. I was under the impression that I wasn’t able to run containers as ‘root’ anymore, which was not really an issue as I think that’s generally not a good idea.

Now I created another setup that should be used in production, also with the profile: cis-1.6 flag, but interestingly I can run containers as ‘root’ user on this one. Unfortunately I do not have the test setup anymore and so I am wondering if I was mistaken in the first place that the cis-1.6 profile would forbid containers running as root?

Is there a way to check if the profile has been applied?

I guess I can clarify that myself: it is right, the root user cannot be used with the CIS-1.6 profile. It seems that restoring a backup using Velero somehow managed to restore the pods in a running state and interestingly running as root user.
After restarting the deployments, the pods didn’t come up anymore with the warning that the root user was not allowed to be used.