Open TheKangaroo opened 4 months ago
I would also like to have this. Note when I set runAsUser and runAsGroup then bitwarden breaks with an error message:
invalid user: "bitwarden:bitwarden"
It looks like that user is hardcoded to id 1000/1000 here:
It would be nice if that could be changed to use runAsUser and runAsGroup settings.
@cfis I think the entrypoint of the containers needs to run as root right now and drop down to bitwarden user once started. That's something that needs to be fixed in the container images, but that's on the bitwarden side to fix.
Steps To Reproduce
I do not think it is currently possible to deploy the bitwarden helm chart in a cluster that requires pods to run without root. There is an option to provide security context to some pods, but not all. My installation on a security hardened cluster (no root containers allowed) failed as soon as I tried to deploy the bitwarden-db-pre-upgrade job. This job has no configurable security context, so I couldn't get any further.
It would be great if running as non-root was the default for a security oriented tool like bitwarden. As an alternative, I would like to see the option to run bitwarden as non-root with a custom values configuration.
Expected Result
It was possible to run in a hardened cluster
Actual Result
It is not possible at the moment
Screenshots or Videos
No response
Additional Context
No response
Chart Version
self-host-2024.4.0
Environment Details
No response
Issue Tracking Info
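Added example, not part of the issue or of the Bitwarden chart: a check that lists which workloads in a release a cluster forbidding root containers would reject, which is how a job without a security context (as reported above) shows up before deployment. It assumes input shaped like `kubectl get deploy,job,cronjob -o json`; the manifest names and contents are constructed, and `pod_spec` and `root_findings` are hypothetical helper names.

```python
import json

# Constructed sample shaped like `kubectl get deploy,job -o json` output.
# These are stand-ins, not the chart's real manifests.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "Deployment", "metadata": {"name": "example-web"},
   "spec": {"template": {"spec": {
     "securityContext": {"runAsNonRoot": true, "runAsUser": 1000, "runAsGroup": 1000},
     "containers": [{"name": "web"}]}}}},
  {"kind": "Job", "metadata": {"name": "example-db-pre-upgrade"},
   "spec": {"template": {"spec": {
     "containers": [{"name": "migrate"}]}}}},
  {"kind": "Deployment", "metadata": {"name": "example-admin"},
   "spec": {"template": {"spec": {
     "securityContext": {"runAsNonRoot": true},
     "initContainers": [{"name": "init", "securityContext": {"runAsUser": 0}}],
     "containers": [{"name": "admin"}]}}}}
]}
""")

def pod_spec(obj):
    """Return the pod template spec of a workload controller or CronJob."""
    spec = obj.get("spec", {})
    if obj.get("kind") == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    return spec.get("template", {}).get("spec", {})

def root_findings(manifest_list):
    """List (kind/name, container, reason) for containers allowed to run as root."""
    findings = []
    for obj in manifest_list.get("items", []):
        spec = pod_spec(obj)
        pod_sc = spec.get("securityContext") or {}
        ident = f'{obj.get("kind")}/{obj["metadata"]["name"]}'
        for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
            sc = c.get("securityContext") or {}
            # Container-level settings override pod-level ones.
            non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
            uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
            if uid == 0:
                findings.append((ident, c["name"], "runAsUser is 0"))
            elif non_root is not True:
                findings.append((ident, c["name"], "runAsNonRoot not set to true"))
    return findings

for finding in root_findings(SAMPLE):
    print(*finding, sep=" | ")
```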