Error: container has runAsNonRoot and image will run as root [securityContext]
Description
Is there a possibility to apply a securityContext to the Keycloak deployment via the Operator?
My deployment fails with the error message: Error: container has runAsNonRoot and image will run as root
Discussion
No response
Motivation
Security. Containers should not run as root.
Details
No response
Hi @Nold360 !
Thanks for the issue and related PR. I understand the reasons to go in this direction, but I would like to understand if you can achieve the same (or similar) result using a custom Keycloak image.
More specifically you can set the environment variable RELATED_IMAGE_KEYCLOAK in the operator deployment to point to a custom image where you use the correct and more restricted permissions.
Or are there use-cases that cannot be covered with this approach?
Well, you could use a custom image running as non-root, but you would need the securityContext to specify fsGroup. And IDK if it would satisfy the PSP. Also there are more options available like readOnlyRootFilesystem/privilegeEscalation/...
Also... IMHO as an authentication tool Keycloak should be deployed as securely as possible.
Thanks for elaborating on the use-case!
I'll follow up on the PR review side.
Thanks (again) for reporting this issue. Keycloak 19 was the last version that included this legacy Operator, and with the release of Keycloak 20 the Operator reached EOL and this repository will be archived; please see our blog post on this topic. If this issue is still valid for the Realm Operator, please re-open it there. Thanks for your understanding. And be sure to check out our new Operator!
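The pod-level and container-level securityContext fields discussed in this thread, shown on a plain Pod manifest as an added example (not from the issue, the PR or the Operator). The pod name, image reference, UID/GID values and the /tmp mount are constructed placeholders, and the example assumes the image's files are readable by that UID.

```yaml
# Added example; names, image and UID/GID values are constructed placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: keycloak-example            # hypothetical name
spec:
  securityContext:
    runAsNonRoot: true              # kubelet refuses to start a container that would run as UID 0
    runAsUser: 1000                 # assumed numeric non-root UID; with runAsNonRoot set and no
                                    # runAsUser, an image whose USER is root or unset fails with
                                    # "container has runAsNonRoot and image will run as root"
    runAsGroup: 1000                # assumed GID
    fsGroup: 1000                   # volumes that support ownership management are made
                                    # accessible to this GID, so a non-root process can write
  containers:
    - name: keycloak
      image: registry.example.com/keycloak:placeholder   # placeholder image reference
      securityContext:
        allowPrivilegeEscalation: false   # no setuid/file-capability privilege gain
        readOnlyRootFilesystem: true      # image layers are mounted read-only
        capabilities:
          drop: ["ALL"]
      volumeMounts:
        - name: tmp
          mountPath: /tmp           # constructed example of a writable path; a read-only root
                                    # needs a volume for every path the process writes to
  volumes:
    - name: tmp
      emptyDir: {}
```

If the image declares a non-numeric USER and runAsUser is left unset, the kubelet cannot verify the UID and rejects the container with a different error (image has non-numeric user), so setting a numeric runAsUser or a numeric USER in the image is what satisfies runAsNonRoot.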