fix: properly reference pod's securityContext from values and add deployment.securityContext.runAsNonRoot=true

[vmignot]

The securityContext from the deployment was referencing a non-existing value. It was never applied.

[cfis]

Did you want me to look at this, or did you change you mind?

[vmignot]

Did you want me to look at this, or did you change you mind?

I looked further into it, and, as the container is running as root, I think my PR would break the deployment.
We should remove the parameter from the values, more likely - as it is not used, and should not be used from my understanding.

[polarathene]

The white-space fixes would probably be good to get in as a clean-up.

DMS needs to run as root to do it's thing as it's a multi-process container and the root user manages those users during setup, such as correcting permissions/ownership of files.

Our process manager (supervisor) then launches each service potentially as a non-root user or as a root user where the service itself runs other parts with it's own non-root user for security.

---

So no it shouldn't run as non-root. What you can do is run the container as rootless I think (this is different and keeps the internal user as root, but on the container host it maps to a user ID above 2^16 for security, with Docker that requires running the daemon in rootless mode).