Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[enterprise-logs] Run GEL containers as non root user #687

Closed
chaudum opened this issue Sep 17, 2021 · 0 comments · Fixed by #691
Closed

[enterprise-logs] Run GEL containers as non root user #687

chaudum opened this issue Sep 17, 2021 · 0 comments · Fixed by #691
Assignees
@chaudum
Labels
bug Something isn't working

Comments

@chaudum
Copy link
Contributor

chaudum commented Sep 17, 2021

The Pods that are created by the parent chart do not have a security context configured. However, since the GEL Docker container runs as user enterprise-logs (uid=10001,gid=10001), their security context needs to be configured accordingly.

securityContext:
  runAsNonRoot: true
  runAsGroup: 10001
  runAsUser: 10001
  fsGroup: 10001
@chaudum chaudum added the bug Something isn't working label Sep 17, 2021
@chaudum chaudum self-assigned this Sep 17, 2021
@chaudum chaudum mentioned this issue Sep 20, 2021
Closed
chaudum added a commit that referenced this issue Sep 20, 2021
@chaudum
Ensure that Pods run as non-root user enterprise-logs
e3c5b9e 
This is needed when running GEL as AWS Marketplace container product on EKS
where the users needs access to the EKS service account token.

Fixes #687

Signed-off-by: Christian Haudum <christian.haudum@gmail.com>
@chaudum chaudum mentioned this issue Sep 20, 2021
Merged
chaudum added a commit that referenced this issue Sep 21, 2021
@chaudum
Ensure that Pods run as non-root user enterprise-logs
96f4694 
This is needed when running GEL as AWS Marketplace container product on EKS
where the users needs access to the EKS service account token.

Fixes #687

Signed-off-by: Christian Haudum <christian.haudum@gmail.com>
mfamador pushed a commit to anovateam/grafana-helm-charts that referenced this issue Oct 19, 2021
@chaudum @mfamador
Ensure that Pods run as non-root user enterprise-logs
1df7de4 
This is needed when running GEL as AWS Marketplace container product on EKS
where the users needs access to the EKS service account token.

Fixes grafana#687

Signed-off-by: Christian Haudum <christian.haudum@gmail.com>
@ssncferreira ssncferreira mentioned this issue Jan 7, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chaudum chaudum

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[enterprise-logs] Run GEL as non-root user enterprise-logs grafana/helm-charts
1 participant
@chaudum