Add ability to run as non root user #135

Open
jannekem opened this issue Nov 17, 2022 · 0 comments
Labels
enhancement New feature or request

@jannekem

Is your feature request related to a problem? Please describe.
Microsoft Defender for Cloud recommends that running containers as root user should be avoided. This means that the pod securityContext should contain runAsNonRoot: true. My tests were configured with the following security context:

securityContext:
  runAsNonRoot: true
  runAsUser: 101  # varnish

Currently, the pod fails to start with the following error message since it doesn't have permissions to create a directory under /var/lib/varnish which is owned by root.

Error: Cannot create working directory '/var/lib/varnish/cache-statefulset-0/': Permission denied

Describe the solution you'd like
Ideally, the pod should be able to start as a non root user.

I wonder if this would be at all possible. This doesn't prevent us from using the image since the policy is not enforced but it would be nice to have for compliance with the recommendation.

@jannekem jannekem added the enhancement New feature or request label Nov 17, 2022
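
One way to approach the permission error described in the issue, as an added example that is not from the issue author or the project: mount a writable `emptyDir` over `/var/lib/varnish` so that UID 101 can create its working directory there. The image reference, Service name, labels and the group id 101 are assumptions, and the manifest has not been verified against the project's image.

```yaml
# Added example, not the project's own manifest.
# Assumptions: image reference, Service name, labels, and that GID 101 is the varnish group.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: cache-statefulset            # matches the pod name in the error message
spec:
  serviceName: cache-service         # hypothetical headless Service
  replicas: 1
  selector:
    matchLabels:
      app: cache
  template:
    metadata:
      labels:
        app: cache
    spec:
      securityContext:
        runAsNonRoot: true           # kubelet refuses to start the container as UID 0
        runAsUser: 101               # varnish, as in the issue
        runAsGroup: 101              # assumption: varnish group has the same id
        fsGroup: 101                 # supported volumes are made group-owned and group-writable
      containers:
        - name: cache
          image: registry.example.invalid/cache-image:placeholder   # placeholder
          volumeMounts:
            # Shadows the root-owned image directory with a volume the
            # non-root user can write to, so the per-pod working directory
            # (/var/lib/varnish/<pod-name>/) can be created.
            - name: varnish-workdir
              mountPath: /var/lib/varnish
      volumes:
        - name: varnish-workdir
          emptyDir: {}               # ephemeral; recreated empty on every pod start
```

The alternative is to fix ownership at image build time (a `chown` of `/var/lib/varnish` to the runtime user), which removes the need for the extra volume.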