hugoprudente / charts

FoundryVTT from 0.6 to 12.x
https://hugoprudente.github.io
Apache License 2.0

"securityContext" does not seem to work #51

Open Sjoerdsjoerd opened 2 years ago

Sjoerdsjoerd commented 2 years ago

When using "securityContext" I receive the following error: "unzip: can't create directory 'resources/': Read-only file system"

I have tried to set the user to "421" as well as "1000", but I still receive the error.

Do you have suggestions?

Sjoerdsjoerd commented 2 years ago

When I disable the securityContext.readOnlyRootFilesystem in combination with user "421", I still receive the following error: "su-exec: setgroups(421): Operation not permitted"

It looks like root access is required?

hugoprudente commented 2 years ago

Hi @Sjoerdsjoerd, can you provide all the parameters for the security context that you are using? I'll test it and check the build with Felddy's container later today and let you know.

Which version of K8s are you using, too, so I can test in exactly the same setup?

Thanks for reporting it.

Sjoerdsjoerd commented 2 years ago

Hey @hugoprudente,

I have used a clean setup.

The config that I use was the same that was provided in the values (but then enabled). I then figured out that readOnlyRootFilesystem is not working, because of the error "unzip: can't create directory 'resources/': Read-only file system". Therefore, I disabled it. After that I changed the user to 421 (foundry user), to get fewer errors, but it still did not work because I think that "su-exec" requires root access.

My K8s version is 1.23.6. The security config:

```yaml
securityContext:
  capabilities:
    drop:
    - ALL
  readOnlyRootFilesystem: false
  runAsNonRoot: true
  runAsUser: 421
```
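
A small model of why the two errors quoted in this thread appear, as an added example that is not part of the issue, the chart or the image. It assumes the image starts as root when `runAsUser` is unset, the Docker/containerd default capability set, and no ambient capabilities; `effective_caps` and `blocked_steps` are hypothetical names.

```python
# Added example, not the chart's or the image's code.
# Default capability set a root process receives from Docker/containerd.
DEFAULT_CAPS = {
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "MKNOD",
    "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP", "SETUID",
    "SYS_CHROOT",
}

def effective_caps(ctx):
    """Capabilities the container's first process actually holds."""
    # Assumption: the image's default user is root when runAsUser is unset.
    # A non-zero runAsUser starts the process as non-root; without ambient
    # capabilities its effective set is empty regardless of add/drop.
    if ctx.get("runAsUser", 0) != 0:
        return set()
    caps_cfg = ctx.get("capabilities", {})
    drop = {c.upper() for c in caps_cfg.get("drop", [])}
    add = {c.upper() for c in caps_cfg.get("add", [])}
    base = set() if "ALL" in drop else DEFAULT_CAPS - drop
    return base | add

def blocked_steps(ctx):
    """Map each entrypoint step this securityContext blocks to the reason."""
    blocked = {}
    if ctx.get("readOnlyRootFilesystem", False):
        # Holds for any path not covered by a writable volume mount.
        blocked["unzip"] = "Read-only file system"
    # su-exec calls setgroups()/setgid() (CAP_SETGID) and setuid() (CAP_SETUID).
    missing = {"SETGID", "SETUID"} - effective_caps(ctx)
    if missing:
        blocked["su-exec"] = "Operation not permitted (missing " + ", ".join(
            "CAP_" + c for c in sorted(missing)) + ")"
    return blocked

# Constructed inputs based on the thread: the posted securityContext, and the
# same context with readOnlyRootFilesystem still enabled.
REPORTED = {"capabilities": {"drop": ["ALL"]}, "readOnlyRootFilesystem": False,
            "runAsNonRoot": True, "runAsUser": 421}
FIRST_TRY = dict(REPORTED, readOnlyRootFilesystem=True)

if __name__ == "__main__":
    for name, ctx in (("first try", FIRST_TRY), ("reported", REPORTED)):
        print(name, blocked_steps(ctx))
```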