You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We want to deploy reportportal to kubernetes (1.14.1), however, we have a security requirement that the pods/statefulset shouldnt' start with root as user, should have securitycontext with annotations enabled. Can any one please share what is the detail of fsgroup, runAsUser ?
The text was updated successfully, but these errors were encountered:
Bitnami's guide, regrettably, is actually not entirely adequate - it provides some ill-advised information for improperly addressing the situation.
Yes, it's good to run containers as a non-root user. However, the way this guide attempts to address the issue will not work in most large real-world deployments. Unfortunately, Bitnami images will not run as configured in a professionally-operated enterprise-class OpenShift environment. Notice in particular how the guide's advice is for you to not modify the container, but to reconfigure your infrastructure's environment to accommodate what the image happens to have in /etc/passwd.
Most OpenShift users are in a managed environment where they will not have access to redefine the Security Context restricted by OpenShift administrators. Hard-coding the fsGroup and runAsUser in a distributed deployment spec with the expectation that the end-user has access to set these values is a certain way to have failed deployments and "Forbidden" access restriction errors.
To better understand how containers actually run in a fully-configured OpenShift environment, consider the user to be pre-assigned some random UID in the 10-100 million range, and GID 0.
Hello.,
We want to deploy reportportal to kubernetes (1.14.1), however, we have a security requirement that the pods/statefulset shouldnt' start with root as user, should have securitycontext with annotations enabled. Can any one please share what is the detail of fsgroup, runAsUser ?
The text was updated successfully, but these errors were encountered: