fix(frontend): frontend currently cannot run as non-root (#928)

Nginx needs to bind to port 80 which requires root permissions
2022-08-15 14:13:44 +01:00
parent 72d27b9a7c
commit 5972e6b42a
1 changed files with 3 additions and 8 deletions
@@ -43,8 +43,7 @@ spec:
              - NET_BIND_SERVICE
          privileged: false
          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          runAsUser: 20000
+          runAsNonRoot: false

        # Allow for k8s to remove the pod from the service endpoints to stop receive traffic
        lifecycle:
@@ -58,7 +57,7 @@ spec:
            port: www
          initialDelaySeconds: 5
          periodSeconds: 5
-        
+
        env: 
          - name: FILE_SIZE_LIMIT_MB
            value: {{ .Values.file_size_limit_mb | quote }}
@@ -78,11 +77,7 @@ spec:
      priorityClassName: high-priority

      securityContext:
-        runAsNonRoot: true
-        runAsUser: 20000
-        fsGroup: 25000
-        fsGroupChangePolicy: OnRootMismatch
-        runAsGroup: 30000
+        runAsNonRoot: false
        seccompProfile:
          type: RuntimeDefault