bitwarden / helm-charts

GNU Affero General Public License v3.0

Allow run as non root #138

Open TheKangaroo opened 4 months ago

TheKangaroo commented 4 months ago

Steps To Reproduce

I do not think it is currently possible to deploy the bitwarden helm chart in a cluster that requires pods to run without root. There is an option to provide a security context for some pods, but not all. My installation on a security-hardened cluster (no root containers allowed) failed as soon as I tried to deploy the bitwarden-db-pre-upgrade job. This job has no configurable security context, so I couldn't get any further.

It would be great if running as non-root were the default for a security-oriented tool like bitwarden. As an alternative, I would like to see the option to run bitwarden as non-root with a custom values configuration.

Expected Result

It was possible to run in a hardened cluster

Actual Result

It is not possible at the moment

Screenshots or Videos

No response

Additional Context

No response

Chart Version

self-host-2024.4.0

Environment Details

No response

Issue Tracking Info

cfis commented 2 months ago

I would also like to have this. Note that when I set runAsUser and runAsGroup, bitwarden breaks with an error message:

invalid user: "bitwarden:bitwarden"

It looks like that user is hardcoded to id 1000/1000 here:

https://github.com/bitwarden/helm-charts/blob/c961f851815aead2490473e6be96a92cca1a51b1/charts/self-host/templates/pre-install-hook-configmap.yaml#L54

It would be nice if that could be changed to use runAsUser and runAsGroup settings.

TheKangaroo commented 2 months ago

@cfis I think the entrypoint of the containers needs to run as root right now and drop down to the bitwarden user once started. That's something that needs to be fixed in the container images, but that's on the bitwarden side to fix.
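The problem raised in the issue and in cfis's comment is that only some of the rendered workloads carry a securityContext, so a chart can pass review for its Deployments and still fail on a hook Job that has none. The script below is an added example (not code from the bitwarden/helm-charts project) that audits rendered manifests for exactly that gap: it walks every workload kind a chart typically emits, finds each pod template (including the extra nesting level of a CronJob), and reports any container whose effective UID is root or is left to the image default without `runAsNonRoot: true`. The manifests are constructed inline as Python dicts, the shape `yaml.safe_load_all()` produces from `helm template` output; the workload names and images in them are made up for the example.

```python
"""Audit rendered Helm manifests for workloads that may run as root.

Added example, not part of the bitwarden/helm-charts repository. In real
use the manifests would come from ``yaml.safe_load_all(helm template ...)``;
here SAMPLE_MANIFESTS is constructed inline so the script runs offline.
"""
from typing import Any, Dict, List

# Kubernetes workload kinds whose spec embeds a pod template.
WORKLOAD_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "Job", "CronJob"}


def pod_template(manifest: Dict[str, Any]) -> Dict[str, Any]:
    """Return the pod template; a CronJob nests it under spec.jobTemplate.spec."""
    spec = manifest.get("spec", {})
    if manifest.get("kind") == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    return spec.get("template", {})


def effective_uid(pod_sc: Dict[str, Any], container_sc: Dict[str, Any]):
    """Container-level runAsUser overrides the pod-level value, as the kubelet applies it."""
    if "runAsUser" in container_sc:
        return container_sc["runAsUser"]
    return pod_sc.get("runAsUser")


def audit_manifest(manifest: Dict[str, Any]) -> List[str]:
    """Return one finding per container (init or regular) that may end up running as root."""
    if manifest.get("kind") not in WORKLOAD_KINDS:
        return []  # ConfigMaps, Services, etc. have no pod template
    name = f'{manifest["kind"]}/{manifest["metadata"]["name"]}'
    pod_spec = pod_template(manifest).get("spec", {})
    pod_sc = pod_spec.get("securityContext") or {}
    findings: List[str] = []
    # Init containers count too: a root init container is still a root process on the node.
    for c in pod_spec.get("initContainers", []) + pod_spec.get("containers", []):
        c_sc = c.get("securityContext") or {}
        # runAsNonRoot may be set at either level; the container-level value wins.
        non_root = c_sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        uid = effective_uid(pod_sc, c_sc)
        if uid == 0:
            findings.append(f"{name} container {c['name']}: runAsUser is 0")
        elif uid is None and not non_root:
            # With neither setting the kubelet accepts whatever USER the image declares,
            # which is root unless the image says otherwise.
            findings.append(
                f"{name} container {c['name']}: no runAsUser and runAsNonRoot not true "
                "(falls back to the image's default UID)"
            )
    return findings


def audit_all(manifests: List[Dict[str, Any]]) -> List[str]:
    """Flatten findings over a whole rendered chart."""
    return [f for m in manifests for f in audit_manifest(m)]


# Constructed sample: what a rendered chart might look like (names/images made up).
SAMPLE_MANIFESTS: List[Dict[str, Any]] = [
    {   # Pod-level context covers every container: clean.
        "kind": "Deployment", "metadata": {"name": "web"},
        "spec": {"template": {"spec": {
            "securityContext": {"runAsNonRoot": True, "runAsUser": 1000, "runAsGroup": 1000},
            "containers": [{"name": "web", "image": "example/web:1"}],
        }}},
    },
    {   # Hook job with no securityContext at all: the failure mode from the issue.
        "kind": "Job", "metadata": {"name": "db-pre-upgrade"},
        "spec": {"template": {"spec": {
            "containers": [{"name": "migrate", "image": "example/migrate:1"}],
        }}},
    },
    {   # CronJob whose init container explicitly overrides the pod UID back to root.
        "kind": "CronJob", "metadata": {"name": "backup"},
        "spec": {"jobTemplate": {"spec": {"template": {"spec": {
            "securityContext": {"runAsNonRoot": True, "runAsUser": 1000},
            "initContainers": [{"name": "fix-perms", "image": "example/busybox:1",
                                "securityContext": {"runAsUser": 0}}],
            "containers": [{"name": "backup", "image": "example/backup:1"}],
        }}}}},
    },
    {"kind": "ConfigMap", "metadata": {"name": "scripts"}, "data": {}},
]


if __name__ == "__main__":
    for finding in audit_all(SAMPLE_MANIFESTS):
        print(finding)
```

Run against a real chart by replacing `SAMPLE_MANIFESTS` with `list(yaml.safe_load_all(subprocess.check_output(["helm", "template", ...])))`; a clean result means every container either has an explicit non-zero UID or is guarded by `runAsNonRoot: true`. It does not catch the second problem in the thread, an entrypoint that hard-codes a user name and breaks when the UID is changed; that only shows up at runtime, which is why the check is best paired with an actual deploy on a cluster that enforces non-root admission.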