[BUG][OpenSearch] Init container running as root #656
Comments
samjohnsonCF
added
bug
|
@samjohnsonCF could you please assign this issue to me ? |
|
Hi @Sunilwali679 ! It doesn't look like I can actually assign it to anyone.. unless I'm missing something. But the "Assignees" at the top right is not editable by me. |
DandyDeveloper
added
good first issue
|
Definitely would prefer the defaults step away from using root, should not be necessary. Defaults should be "catch all" minimum access needed, and expose it so users can change this . |
|
Agreed! I've been doing this on my own implementation of opensearch. I got the fsgroup-volume init container working by running as user 1000 and group 1000 and by adding the CHOWN capability. I so far have not been successful on getting the systcl command to run outside of root user. |
|
thanks @DandyDeveloper @samjohnsonCF :) I will raise PR ASAP |
Describe the bug
In the opensearch helm chart there are 2 init containers running as root (user 0). The fsgroup-volume and the sysctl. These two init containers can be modified to run as user 1000 / group 1000 and will then no longer need to run as 0.
These security contexts should ultimately be able to be modified/controlled via the values file for easier modifications.
To Reproduce
N/A
Expected behavior
Init containers should not be running as root.
Chart Name
Opensearch (statefulset.yaml)
Screenshots
Host/Environment (please complete the following information):
Additional context
N/A
The text was updated successfully, but these errors were encountered: