Closed sudermanjr closed 1 year ago
~Realizing now that the helm chart provides more detailed options, so I'm going to try that route instead and will update or close if possible~
Same problem when defining via helm chart, with the following values file, using the commented values from the chart.
```yaml
image:
  pullPolicy: Always
  tag: v0.17.0
podSecurityContext:
  fsGroup: 1000
securityContext:
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: false
  runAsNonRoot: true
  runAsUser: 1000
  allowPrivilegeEscalation: false
resources:
  limits:
    cpu: 200m
    memory: 100Mi
  requests:
    cpu: 200m
    memory: 100Mi
```
Hi @sudermanjr
I started on https://github.com/headlamp-k8s/headlamp/pull/877 which lets the container use a non-root user. I think @knrt10 was interested in finishing that off.
@sudermanjr thank you for your issue. As @illume mentioned, I am currently looking into the above-mentioned issue, so once it is fixed you should be able to run as non-root.
@sudermanjr #877 is merged. If you try with the latest code (will be included in the next release), I think you can use headlamp as non-root. Can you please check and update the issue accordingly? Thanks
Headlamp v0.17.1 was released a little while ago which includes the #877 least priv changes. https://github.com/headlamp-k8s/headlamp/releases/tag/v0.17.1
Thanks @sudermanjr again for the issue.
I'll close this now, but if there's something else to improve I'd love to know.
I am trying to deploy headlamp in a Kubernetes cluster with some specific security requirements. Currently, it seems the Dockerfile does not allow running as a non-root user in a Kubernetes cluster. Additionally, I have not been able to get the readOnlyFilesystem flag to work either.
Adding the security context block to the deployment yaml (for the container spec) results in a crashing container:
Full deployment spec:
The logs show: