kube-httpcache

Add ability to run as non root user

Open jannekem opened this issue 3 years ago • 0 comments

Is your feature request related to a problem? Please describe.

Microsoft Defender for Cloud recommends that running containers as root user should be avoided. This means that the pod securityContext should contain runAsNonRoot: true. My tests were configured with the following security context:

securityContext:
  runAsNonRoot: true
  runAsUser: 101  # varnish

Currently, the pod fails to start with the following error message since it doesn't have permissions to create a directory under /var/lib/varnish which is owned by root.

Error: Cannot create working directory '/var/lib/varnish/cache-statefulset-0/': Permission denied

Describe the solution you'd like

Ideally, the pod should be able to start as a non-root user.

I wonder if this would be at all possible. This doesn't prevent us from using the image since the policy is not enforced but it would be nice to have for compliance with the recommendation.

jannekem, Nov 17 '22 09:11
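
One possible workaround for the permission error reported above, added here as an example and not taken from the kube-httpcache project or tested against its image: mount an emptyDir volume over /var/lib/varnish and set fsGroup, so that UID 101 gets a writable working directory instead of the root-owned one baked into the image. The serviceName, labels, volume name, fsGroup value and image placeholder are assumptions.

```yaml
# Added example (not the project's own manifest); untested against the real image.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: cache-statefulset            # yields pod cache-statefulset-0, as in the error message
spec:
  serviceName: cache-service         # hypothetical headless service name
  replicas: 1
  selector:
    matchLabels:
      app: cache                     # hypothetical label
  template:
    metadata:
      labels:
        app: cache
    spec:
      securityContext:
        runAsNonRoot: true           # kubelet refuses to start the container as UID 0
        runAsUser: 101               # varnish, as in the issue
        fsGroup: 101                 # assumption: any GID works; the kubelet makes the
                                     # emptyDir group-owned and group-writable for it
      containers:
        - name: cache
          image: IMAGE_PLACEHOLDER   # replace with the kube-httpcache image in use
          volumeMounts:
            - name: varnish-workdir
              mountPath: /var/lib/varnish   # shadows the root-owned directory in the image
      volumes:
        - name: varnish-workdir
          emptyDir: {}               # created per pod, so no root-owned path is needed
```

Any other path the container writes to at startup would need the same treatment; `kubectl logs cache-statefulset-0` shows the next "Permission denied" path if one remains.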