-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to implement security context for the pods to run as non root user and a read only fs? #59
Comments
With the latest 10.2.1 release options to overwrite the security contexts have been added. In the https://github.com/Ontotext-AD/graphdb-helm/blob/10.2.1/examples/openshift-local/values.yaml you can find an example on how to set the security context so it's not ran as root. I am cautiously optimistic that the next major release (10.3), the default configuration will be non-root and that the official GraphDB docker images will have a dedicated user to manage the GraphDB process. |
I seem to struggle with the same issue.
I've tried a few things to try to run the image under a non-root user (like Any insight is welcome! 😃 I'm also following Ontotext-AD/graphdb-docker#5 |
Hi! Seems like they are not supporting this. Hope it helps. |
As best practice the application must be run as a non root user with a read only root file system.
We could not find a way to configure such security context and moreover we can see the graphdb instance runs as a root user inside a container.
The text was updated successfully, but these errors were encountered: