Hi,
in Pull Request 48, there was an open question about OpenShift compatibility with the schema registry image. Since OpenShift replaces the user the pods are run with, the permission changes in this PR lead to de image not being deployable (at least with the default restricted SCC, which many companies enforce).
Is there any official solution to this from your part? One possible solution would be to have a numeric user and group instead of "appuser". Then we could just use the supplementalGroups in the security context to gain access to files and directories, as long as the group has the necessary access rights.
--> chown 1001:1001 and USER 1001 instead of chown appuser:appuser and USER appuser so we can use securityContext.supplementalGroups: [1001]
Hi, in Pull Request 48, there was an open question about OpenShift compatibility with the schema registry image. Since OpenShift replaces the user the pods are run with, the permission changes in this PR lead to de image not being deployable (at least with the default restricted SCC, which many companies enforce).
Is there any official solution to this from your part? One possible solution would be to have a numeric user and group instead of "appuser". Then we could just use the supplementalGroups in the security context to gain access to files and directories, as long as the group has the necessary access rights.
-->
chown 1001:1001andUSER 1001instead ofchown appuser:appuserandUSER appuserso we can usesecurityContext.supplementalGroups: [1001]