Closed palokam closed 4 years ago
The pod owner/configurator has the role and say in how the container should be deployed. Adding a k8s spec in the example to run a container as a non-root user. @palokam @simran3695
The example outputs the spec with a non-root user with UID 4000, resulting in a non-privileged deployment with restrictions such as the inaccessibility of any port number < 1024. The controller of the pod may create a user (ec) in its OCI spec mapping to the non-privileged container (agent+plugin), e.g. UID: 4000 -> ec.
Add argocd to the pkg deployment simulation as specified to avoid discrepancy. @palokam @sheshankgujjari @simran3695
@naddym please confirm this securityContext setting will fix the permission issue.
The agt+plugin container will remain in the current user context, running as a non-privileged user in the cluster. @palokam @simran3695
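For reference, a pod spec of the kind discussed above, as an added example that is not part of the thread or the project's own manifest. The pod name, image, port, group IDs and the hardening settings beyond UID 4000 are assumptions.

```yaml
# Added example: only UID 4000 (-> ec) comes from the thread.
# Pod name, image, port and group IDs are placeholders/assumptions.
apiVersion: v1
kind: Pod
metadata:
  name: ec-agent-example              # hypothetical name
spec:
  securityContext:
    runAsNonRoot: true                # kubelet refuses to start a container that would run as UID 0
    runAsUser: 4000                   # UID from the thread (4000 -> ec)
    runAsGroup: 4000                  # assumption: primary GID matches the UID
    fsGroup: 4000                     # assumption: mounted volumes should be writable by the agent
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: agent
      image: registry.example/ec-agent:PLACEHOLDER   # placeholder image reference
      ports:
        - containerPort: 8080         # assumption: a port >= 1024; lower ports need
                                      # CAP_NET_BIND_SERVICE, which is dropped below
      securityContext:
        allowPrivilegeEscalation: false   # blocks setuid binaries from regaining privileges
        capabilities:
          drop: ["ALL"]
```

Running `kubectl exec ec-agent-example -- id` against the started pod shows whether the process really has uid=4000; the name `ec` only appears if the image's `/etc/passwd` contains that entry.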
The EC Agent container is running as root, but for security reasons we should run this as a non-root user (ec user).
Please create a user called "ec" and use that user to run in the container.