
non root user

Open sbonnalc opened this issue 3 years ago • 2 comments

On some hardened Kubernetes clusters, having containers with root access is prohibited (with Admission Controllers). I propose here to use a non root user for nats-box.

This will allow creating the deployment in nats.io/k8s with a securityContext:

      securityContext:
        runAsUser: 1001

Unfortunately, I don't know any method to use the user name instead of the user id. That's why I'm fixing the user id to something that works in that image.

sbonnalc, Mar 01 '22 16:03

Hello, any comment or feedback on this PR?

sbonnalc, Mar 14 '22 10:03

Hi, sorry for the delay. Need to investigate this one a bit further to be backwards compatible, or maybe publish it as a different image.

wallyqs, Mar 14 '22 22:03

Added a nats user/group with UID/GID 1000:1000 in #47 and it will be in the next release.

This is still opt-in for backwards compatibility issues, so on k8s it will still require specifying runAsUser.

caleblloyd, Jan 20 '23 19:01
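
A Deployment for the opt-in described in the last comment, added here as an example; it is not part of the thread or of the nats.io/k8s manifests. It uses the 1000:1000 nats user/group from that comment; the resource names, the image tag placeholder, the keep-alive command and every hardening field other than `runAsUser` are assumptions. `runAsUser` only accepts a numeric ID, and `runAsNonRoot: true` makes the kubelet refuse to start the container if it would run as UID 0.

```yaml
# Added example: nats-box opted in to the non-root nats user (UID/GID 1000:1000).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nats-box                # assumed name
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nats-box
  template:
    metadata:
      labels:
        app: nats-box
    spec:
      # Pod-level settings apply to every container in the pod.
      securityContext:
        runAsNonRoot: true      # kubelet rejects the container if it resolves to UID 0
        runAsUser: 1000         # numeric UID of the nats user; a user name is not accepted here
        runAsGroup: 1000        # numeric GID of the nats group
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: nats-box
          # Placeholder tag: use a release that contains the nats user added in #47.
          image: natsio/nats-box:<tag>
          # Assumption: keep the toolbox container alive for `kubectl exec`.
          command: ["tail", "-f", "/dev/null"]
          # Container-level settings that admission policies on hardened clusters
          # commonly require in addition to a non-root UID.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
```

Without the `runAsUser` line the image keeps its default user, which is why the opt-in has to be stated in the manifest.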