windmill-helm-charts

Why is default user Root and runAsNonRoot false?

Open avosepp opened this issue 1 year ago • 3 comments

Hi,

Question is in the title. The default configuration for Windmill's Helm chart sets Windmill as root. Is there a developer reason for this? It impacts our ability to install Windmill in clusters with security features enforced. Does Windmill need to be run as root?

If it's not required for Windmill then I'd like to unset it from the default and maybe consider making some improvements to the Helm chart to meet higher security defaults.

avosepp Feb 27 '24 14:02

Hi @avo-sepp, all the security features can be enabled through conf so it shouldn't hinder your ability to install it in very constrained envs. Feel free to add a boolean value that enforces better defaults and we will mention it in the README, but the defaults will stay relaxed because many use-cases actually benefit from being able to run as root and have control over the entire pod.

rubenfiszel Feb 27 '24 14:02

So if I change it off from root, it will not cause an issue running the application?

avosepp Feb 27 '24 14:02

Running the app, no, but some of your scripts might expect to have write ability on the whole pod, in which case they will error.

rubenfiszel Feb 27 '24 15:02
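
The following is an added example, not code from this thread or from the Windmill project. It audits a workload for the two settings the issue is about, `runAsUser` and `runAsNonRoot`, and applies the Kubernetes rule that a container-level `securityContext` overrides the pod-level one. It assumes the cluster policy mentioned in the question requires `runAsNonRoot: true` and a non-zero `runAsUser`; the sample Deployment, its container names and the function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `kubectl get deployment -o json` output.
# Container names and values are invented for illustration; they are not
# taken from the Windmill chart.
SAMPLE = json.loads("""
{"kind": "Deployment", "metadata": {"name": "example"},
 "spec": {"template": {"spec": {
   "securityContext": {"runAsNonRoot": true, "runAsUser": 1000},
   "containers": [
     {"name": "server", "image": "example/app"},
     {"name": "worker", "image": "example/app",
      "securityContext": {"runAsUser": 0, "runAsNonRoot": false}}
   ]}}}}
""")


def effective(pod_sc, ctr_sc, key):
    """Container-level securityContext fields override the pod-level ones."""
    value = ctr_sc.get(key)
    return pod_sc.get(key) if value is None else value


def audit_workload(obj):
    """Return (container, finding) pairs for containers that may run as root."""
    pod = obj["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext") or {}
    findings = []
    for ctr in pod.get("initContainers", []) + pod.get("containers", []):
        ctr_sc = ctr.get("securityContext") or {}
        if effective(pod_sc, ctr_sc, "runAsUser") == 0:
            findings.append((ctr["name"], "runAsUser=0"))
        # Without runAsNonRoot=true the kubelet does not refuse an image
        # whose default user is root, so anything but True is reported.
        if effective(pod_sc, ctr_sc, "runAsNonRoot") is not True:
            findings.append((ctr["name"], "runAsNonRoot is not true"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_workload(SAMPLE):
        print(f"{name}: {finding}")
```

In the sample, `server` inherits the pod-level settings and passes, while `worker` is reported because its own `securityContext` overrides them.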