microsoft / mindaro

Bridge to Kubernetes - for Visual Studio and Visual Studio Code
MIT License

Why is root required in the container? #217

Open Miles-Garnsey opened 3 years ago

Miles-Garnsey commented 3 years ago

Describe the bug

I can't find a dedicated issue for this and it is important, so I'm raising one. In issue #63 there's a mention of the fact that if you have a securityContext enabled on your pod, Bridge to Kubernetes will not work, as it tries to instantiate a container that runs as root.

To Reproduce

Instantiate a pod with a pod securityContext with runAsNonRoot: true and a container securityContext with allowPrivilegeEscalation: false. Try to use Bridge to Kubernetes to debug something in that container. You get back an error from Kubernetes and it won't run the container.

Expected behavior

Bridge to Kubernetes should run a proxy container with the same permissions as the container it is replacing.

pragyamehta commented 3 years ago

Hi @Miles-Garnsey Thanks for reporting this. I have opened a work item in our backlog to take a look at this. Thanks!

delalikwami commented 2 years ago

Hi @pragyamehta has there been any update on this? I'm currently testing this out with the latest version of Bridge to Kubernetes and the routing manager pod still tries to run as root, which doesn't work due to our pod security policy.

Error: container has runAsNonRoot and image will run as root (pod: "routingmanager-deployment-84c6fd5dbb-gvh5f_dev(bb7b61fe-9640-4a4c-9f4d-7a196cc26ec2)", container: routingmanager)
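
The following is an added example, not part of the thread and not Bridge to Kubernetes or Kubernetes code: a simplified Python model of the start-time check behind the error quoted above, run against the securityContext from the reproduction steps. The function names, the sample image users, and every reason string other than the one quoted in the thread are assumptions of this example.

```python
"""Simplified model of the kubelet's runAsNonRoot start-time check."""

# The only message taken from the thread; the others are this example's wording.
ROOT_MSG = "container has runAsNonRoot and image will run as root"


def effective(pod_sc, ctr_sc, key):
    """Container-level securityContext fields override pod-level ones."""
    if key in ctr_sc:
        return ctr_sc[key]
    return pod_sc.get(key)


def admit(pod_sc, ctr_sc, image_user):
    """Return None if the container may start, else the refusal reason.

    image_user is the USER recorded in the image config: "" (unset, so root),
    a numeric value such as "1000" or "1000:1000", or a user name.
    """
    if not effective(pod_sc, ctr_sc, "runAsNonRoot"):
        return None  # non-root policy not requested
    run_as_user = effective(pod_sc, ctr_sc, "runAsUser")
    if run_as_user is not None:
        # An explicit runAsUser replaces whatever USER the image declares.
        return "runAsUser 0 breaks non-root policy" if run_as_user == 0 else None
    uid = image_user.split(":")[0] or "0"
    if uid.isdigit():
        return ROOT_MSG if int(uid) == 0 else None
    # A user name cannot be proven non-root without reading the image's passwd.
    return "image has non-numeric user, cannot verify non-root"


# Constructed inputs mirroring the reproduction steps in the issue.
POD_SC = {"runAsNonRoot": True}
CTR_SC = {"allowPrivilegeEscalation": False}

if __name__ == "__main__":
    cases = {
        "image runs as root (thread's error)": (CTR_SC, "0"),
        "image with no USER": (CTR_SC, ""),
        "image USER 1000": (CTR_SC, "1000"),
        "image USER named 'app'": (CTR_SC, "app"),
        "root image + runAsUser: 1000": ({**CTR_SC, "runAsUser": 1000}, "0"),
    }
    for name, (ctr_sc, user) in cases.items():
        print(f"{name:38} -> {admit(POD_SC, ctr_sc, user) or 'starts'}")
```

Setting runAsUser satisfies this check only; whether the injected container functions under a non-root UID is the open question in this issue.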

jason-wtw commented 2 years ago

Hello @pragyamehta. I am also interested in an update on this. I want to try Bridge to Kubernetes but I can't because our policy requires a pod to run as non-root and when you try to bridge with a non-root container you get the error "container has runAsNonRoot and image will run as root."

Thank You!

delalikwami commented 2 years ago

@jason-wtw I'm not sure if you have a requirement of using a VSCode plugin, but I ended up switching to DevSpace for our dev team's workflow. It's a CLI tool that was pretty straightforward to set up/use and it's pretty customizable for what you need.