You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Helm is configured to run containers as root so that it can install packages. This is against security best practices and to top it all off, the chart does not allow editing this setting, and neither can the bootstrap be edited, so it doesn't crash when running as non-root. This makes the helm chart not suitable for secure production environments.
To fix this, it would be enough to allow editing the runAsUser field and the bootstrap script from values.yaml. Although in my opinion bad practices like this should not be promoted by the upstream, so it would be preferable if non-root was the default option, with documentation reflecting this.
I may have time to fix this later this week, but my schedule is quite tight so if someone has time to do this, please post here so I don't start duplicating someone's work.
The text was updated successfully, but these errors were encountered:
Helm is configured to run containers as root so that it can install packages. This is against security best practices and to top it all off, the chart does not allow editing this setting, and neither can the bootstrap be edited, so it doesn't crash when running as non-root. This makes the helm chart not suitable for secure production environments.
To fix this, it would be enough to allow editing the
runAsUser
field and the bootstrap script fromvalues.yaml
. Although in my opinion bad practices like this should not be promoted by the upstream, so it would be preferable if non-root was the default option, with documentation reflecting this.I may have time to fix this later this week, but my schedule is quite tight so if someone has time to do this, please post here so I don't start duplicating someone's work.
The text was updated successfully, but these errors were encountered: