Add SecurityContext to the various containers installed, except the initContainer #1930
Comments
codeman9
changed the title
|
Fixed by #1929. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Feature Request
What problem are you trying to solve?
Our Pod Security Policy explicitly denies containers running as root. Since the Dockerfiles for the various containers needed during linkerd install do not specify a user, it is assumed that they will run as root. When I try to install linkerd into our cluster, I get an error that says that containers cannot runAsRoot. The
initContainerthat needs root andNET_ADMINwill still be an issue for us until #1887 is resolved.How should the problem be solved?
Adding a securityContext with a runAsUser value to the various containers is one way to solve this problem. If any of the required containers do actually need to run as root, then I'm not sure how to get around that. From what I can tell this change doesn't affect the installation.
Any alternatives you've considered?
I'm not super familiar with alternatives other than updating the Dockerfiles to run as a particular user.
How would users interact with this feature?
Users will not be affected by this change.
The text was updated successfully, but these errors were encountered: