From 5972e6b42a7dffd0ce08aada001fff5b5f1bfaea Mon Sep 17 00:00:00 2001
From: Iain Sproat <68657+iainsproat@users.noreply.github.com>
Date: Mon, 15 Aug 2022 14:13:44 +0100
Subject: [PATCH] fix(frontend): frontend currently cannot run as non-root (#928)

Nginx needs to bind to port 80 which requires root permissions
---
 .../speckle-server/templates/frontend/deployment.yml | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/utils/helm/speckle-server/templates/frontend/deployment.yml b/utils/helm/speckle-server/templates/frontend/deployment.yml
index 5138d14f6..0a9ab7654 100644
--- a/utils/helm/speckle-server/templates/frontend/deployment.yml
+++ b/utils/helm/speckle-server/templates/frontend/deployment.yml
@@ -43,8 +43,7 @@ spec:
 - NET_BIND_SERVICE
 privileged: false
 readOnlyRootFilesystem: true
- runAsNonRoot: true
- runAsUser: 20000
+ runAsNonRoot: false
 # Allow for k8s to remove the pod from the service endpoints to stop receive traffic
 lifecycle:
@@ -58,7 +57,7 @@ spec:
 port: www
 initialDelaySeconds: 5
 periodSeconds: 5
-
+
 env:
 - name: FILE_SIZE_LIMIT_MB
 value: {{ .Values.file_size_limit_mb | quote }}
@@ -78,11 +77,7 @@ spec:
 priorityClassName: high-priority
 securityContext:
- runAsNonRoot: true
- runAsUser: 20000
- fsGroup: 25000
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 30000
+ runAsNonRoot: false
 seccompProfile:
 type: RuntimeDefault
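Review bot: Setting `runAsNonRoot: false` and dropping `runAsUser: 20000` in the container securityContext of the first hunk leaves the UID to whatever the image declares, which for an nginx image is most likely UID 0, so the non-root guarantee is gone for this container. The context line above still lists `NET_BIND_SERVICE`, which suggests the chart intended a low-port bind without root; capabilities added in the pod spec typically do not become effective for a non-root UID unless the binary carries file capabilities, which would explain the original failure. A narrower fix is to keep `runAsNonRoot: true` and have nginx listen on a port above 1023 behind the named port `www`, which the probe in the next hunk already references. If root has to stay for now, a comment such as `# root needed only to bind :80; revert once nginx listens on an unprivileged port` would record why. The same flip is repeated in the pod-level securityContext in the third hunk, and the container's securityContext mapping starts outside this hunk.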
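Review bot: The pod-level securityContext in the third hunk loses `fsGroup`, `fsGroupChangePolicy` and `runAsGroup` along with the UID, although the commit message only gives binding port 80 as the reason, and a pod-level `runAsNonRoot: false` relaxes the default for every container in the pod. If the port bind is the only blocker, the previous identity settings can stay and the pod can lower the unprivileged-port floor with the `net.ipv4.ip_unprivileged_port_start` sysctl, which is in the safe sysctl set on Kubernetes 1.22 and later (the chart's minimum cluster version is not visible here, so confirm before relying on it). The pod spec continues outside the hunk, so other containers or volumes that relied on the removed group IDs cannot be checked from this view.

```yaml
securityContext:
  runAsNonRoot: true
  runAsUser: 20000
  fsGroup: 25000
  fsGroupChangePolicy: OnRootMismatch
  runAsGroup: 30000
  # allows the unprivileged UID to bind port 80 without running as root
  sysctls:
    - name: net.ipv4.ip_unprivileged_port_start
      value: "0"
  # … unchanged: seccompProfile …
```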