- Notifications
You must be signed in to change notification settings - Fork921
Commitf650519
authored
feat: add run_as_non_root=True to Kubernetes Starter template (#16512)
This document sounds like `run_as_non_root=True` should be enabled forworkspaces.https://coder.com/docs/install/kubernetes#kubernetes-security-reference> All containers must run as non-root user> - Control plane - ...> - Workspaces - Workspace pod UID is [set in the Terraform templatehere](https://github.com/coder/coder/blob/f57ce97b5aadd825ddb9a9a129bb823a3725252b/examples/templates/kubernetes/main.tf#L274-L276),and are not required to run as root.Administrators of the Kubernetes of a cluster I am working on have addeda security check on it, and prevent creating pods, without`run_as_non_root=True`. So, I need to set it every time I create atemplate.According to the docs used with `run_as_user=1000` it should not havenegative effects and could be safely added.https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/1 parentd7614a4 commitf650519
1 file changed
+3
-2
lines changedLines changed: 3 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
278 | 278 | | |
279 | 279 | | |
280 | 280 | | |
281 | | - | |
282 | | - | |
| 281 | + | |
| 282 | + | |
| 283 | + | |
283 | 284 | | |
284 | 285 | | |
285 | 286 | | |
| |||
0 commit comments
Comments
(0)