nats-io / nats-box

A container with NATS utilities
Apache License 2.0
105 stars 32 forks

non root user #30

Closed sbonnalc closed 1 year ago

sbonnalc commented 2 years ago

On some hardened Kubernetes clusters, having containers with root access is prohibited (with Admission Controllers). I propose here to use a non-root user for nats-box.

This will allow creating the deployment in nats.io/k8s with a securityContext:

      securityContext:
        runAsUser: 1001

Unfortunately, I don't know any method to use the user name instead of the user id. That's why I'm fixing the user id to something working in that image.

sbonnalc commented 2 years ago

Hello, any comment or feedback on this PR?

wallyqs commented 2 years ago

Hi, sorry for the delay. Need to investigate this one a bit further to be backwards compatible, or maybe publish it as a different image.

caleblloyd commented 1 year ago

Added a nats user/group with UID/GID 1000:1000 in #47 and it will be in the next release.

This is still opt-in for backwards compatibility issues, so on k8s it will still require specifying runAsUser.
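
An added example, not part of this PR or of the nats-io/k8s manifests: a Pod spec that opts in to the nats user (UID/GID 1000:1000) described above and sets the fields a root-rejecting admission policy typically checks. The Pod name, the image tag placeholder and the idle command are assumptions.

```yaml
# Added example (not the project's own manifest).
apiVersion: v1
kind: Pod
metadata:
  name: nats-box                      # hypothetical name
spec:
  securityContext:
    # The kubelet can only verify "non-root" against a numeric UID, so the
    # UID is set explicitly instead of relying on a user name in the image.
    runAsNonRoot: true
    runAsUser: 1000                   # nats user added in #47
    runAsGroup: 1000                  # nats group added in #47
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: nats-box
      # Placeholder tag: use the first release that ships the nats user.
      image: natsio/nats-box:<RELEASE_WITH_NATS_USER>
      command: ["tail", "-f", "/dev/null"]   # assumption: keep the box idle for kubectl exec
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
```

Because the image still defaults to root for backwards compatibility, omitting `runAsUser` while keeping `runAsNonRoot: true` makes the kubelet refuse to start the container rather than silently run it as root.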