scaleway / cert-manager-webhook-scaleway

A Scaleway DNS ACME webhook for cert-manager
Apache License 2.0

Issue with cert-manager-webhook-scaleway when run as non root is set to true #26

Open christian-vdz opened 5 months ago

christian-vdz commented 5 months ago

Is your feature request related to a problem? Please describe.

With securityContext.runAsNonRoot set to true on the Helm release, this error occurred: Error: container has runAsNonRoot and image will run as root.

It does not stop the container from starting, but the lack of permissions prevents port 443 from being bound: "error executing command" err="failed to create listener: failed to listen on 0.0.0.0:443: listen tcp 0.0.0.0:443: bind: permission denied" logger="cert-manager"

Describe the solution you'd like

I don't know what the best solution is, but I think we should create a new user which is allowed to create listeners.

Nox-404 commented 3 days ago

Can you try with listenPort: 8443 with version 0.4 of the chart? https://github.com/scaleway/helm-charts/blob/master/charts/scaleway-certmanager-webhook/values.yaml#L62

It should be possible with https://github.com/scaleway/helm-charts/pull/20
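A Helm values override combining the two settings discussed in this thread, as an added example that is not taken from the chart or from either commenter. It assumes the chart copies `securityContext` into the pod or container spec unchanged; the UID is a constructed value, and `runAsUser` is the standard Kubernetes field, not a key confirmed on this page.

```yaml
# values-nonroot.yaml (hypothetical file name; added example)

# --- As reported in the issue -------------------------------------------
# securityContext:
#   runAsNonRoot: true
# Result 1: "container has runAsNonRoot and image will run as root"
#           runAsNonRoot only asserts a non-zero UID; it does not pick one.
#           If neither the image nor the spec names a non-root user, the
#           check has nothing to accept.
# Result 2: "listen tcp 0.0.0.0:443: bind: permission denied"
#           Ports below 1024 are privileged on Linux by default, so an
#           unprivileged process cannot bind 443.

# --- Corrected ----------------------------------------------------------
# Listen on an unprivileged port inside the container (key named in the
# reply above, available from chart version 0.4 according to that reply).
listenPort: 8443

securityContext:
  # Refuse to start if the effective UID is 0.
  runAsNonRoot: true
  # Explicit non-zero UID so the runAsNonRoot check can pass even when the
  # image itself does not declare a user. 65532 is a constructed value;
  # any UID the image's files are readable by will do.
  runAsUser: 65532
```

After applying it, the UID recorded in the running pod's spec and the absence of the `bind: permission denied` line in the webhook log confirm that both errors from the report are gone.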