Support for running in non-root #2933
Comments
tomkerkhove
added
feature
|
@kedacore/keda-maintainers Do you know if KEDA core supports running as non-root or do we have a requirement for this? |
|
I'd say that we are already using non-root image (distroless/non-root) |
|
I think it was discussed sometime ago |
|
But as summary, KEDA runs over non-root, users need to set the security context |
|
It begs the question, though, shouldn't we run KEDA as non-root by default? What's stopping us from doing secure-by-default? |
|
I'd say that we can run KEDA with a safe securityContext as default yes (keeping the option to set other or empty like right now). @zroubalik any objection? |
|
+100 agree, we should default to non-root. This change should be driven from kedacore/keda first. |
|
What do we have to do there? Is it not enough just setting the securityContext here? Maybe to run with non-root also when it's deployed with make or manifests? |
|
Yeah, I'd put securityContext to the manifests in core. |
|
100% agree on doing that in KEDA core first and be secure-by-default. Moving issue there to keep track of things. |
Currently we don't don't provide guidance around running in non-root and we should check if we can default to this in our Helm chart.
Related: #2891
The text was updated successfully, but these errors were encountered: