Skip to content

feat: add run_as_non_root=True to Kubernetes Starter template #16512

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 12, 2025
Merged

feat: add run_as_non_root=True to Kubernetes Starter template #16512

merged 2 commits into from
Feb 12, 2025

Conversation

Cjkjvfnby
Copy link
Contributor

This document sounds like run_as_non_root=True should be enabled for workspaces.

https://coder.com/docs/install/kubernetes#kubernetes-security-reference

All containers must run as non-root user

Administrators of the Kubernetes of a cluster I am working on have added a security check on it, and prevent creating pods, without run_as_non_root=True. So, I need to set it every time I create a template.

According to the docs used with run_as_user=1000 it should not have negative effects and could be safely added. https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/

@cdr-bot cdr-bot bot added the community Pull Requests and issues created by the community. label Feb 10, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 10, 2025
edited
Loading

All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.

@Cjkjvfnby
Copy link
Contributor Author

I have read the CLA Document and I hereby sign the CLA

cdrci2 added a commit to coder/cla that referenced this pull request Feb 10, 2025
@cdrci2
@Cjkjvfnby has signed the CLA in coder/coder#16512
b97a376
@Cjkjvfnby Cjkjvfnby changed the title Add run_as_non_root=True to Kubernetes Starter template feat: Add run_as_non_root=True to Kubernetes Starter template Feb 10, 2025
@Cjkjvfnby Cjkjvfnby changed the title feat: Add run_as_non_root=True to Kubernetes Starter template feat: add run_as_non_root=True to Kubernetes Starter template Feb 10, 2025
ericpaulsen
ericpaulsen reviewed Feb 10, 2025
View reviewed changes
@matifali matifali requested a review from ericpaulsen February 12, 2025 14:07
@ericpaulsen ericpaulsen merged commit f650519 into coder:main Feb 12, 2025
29 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Feb 12, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ericpaulsen ericpaulsen ericpaulsen approved these changes

Assignees

@Cjkjvfnby Cjkjvfnby

Labels
community Pull Requests and issues created by the community.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Cjkjvfnby @ericpaulsen