argocd-example-apps icon indicating copy to clipboard operation
argocd-example-apps copied to clipboard

Published 20 hours ago verified publisher icon argoproj

Run Sample Apps as Non Root

Open danielhelfand opened this issue 4 years ago • 4 comments

When testing out the guestbook sample app on a cluster in a restricted environment, the deployment fails due to the guestbook container being run as root. It would be nice to specify a securityContext for the deployment since it should not need privileged permissions.

While this is a sample app, it would be nice to promote the practice of not running containers as root and also help to prevent running into the issue of the Getting Started tutorial not working in certain Kubernetes environments.

danielhelfand avatar Aug 13 '20 16:08 danielhelfand

Bump! It would nice to see restricted-friendly examples.

Would prefer to see the guestbook example use a high-numbered port at the very least as it seems like the quickest path.

komish avatar Mar 17 '21 22:03 komish

Do you know how can we easily avoid this issue? As I am running the examples on Openshift 4 and I am getting all the time the error:

(13)Permission denied: AH00072: make_sock: could not bind to address [::]:80

hect1995 avatar Apr 28 '21 16:04 hect1995

@hect1995 The simplest way I've found is just to bind to a high-numbered port in the sample application, and pass that through to the manifests.

komish avatar Apr 28 '21 18:04 komish

for those looking for quick fix for the solution oc adm policy add-scc-to-user anyuid -z default

which will give the service account default permission to run service on privileged ports like 80

vajravelu1 avatar Feb 10 '24 09:02 vajravelu1