mirror of
https://github.com/coder/coder.git
synced 2026-06-03 13:08:25 +00:00
f65051966c
This document sounds like `run_as_non_root=True` should be enabled for workspaces.

https://coder.com/docs/install/kubernetes#kubernetes-security-reference

> All containers must run as non-root user
> - Control plane - ...
> - Workspaces - Workspace pod UID is [set in the Terraform template here](https://github.com/coder/coder/blob/f57ce97b5aadd825ddb9a9a129bb823a3725252b/examples/templates/kubernetes/main.tf#L274-L276), and are not required to run as root.

Administrators of the Kubernetes cluster I am working on have added a security check on it, and prevent creating pods without `run_as_non_root=True`. So, I need to set it every time I create a template.

According to the docs, used with `run_as_user=1000` it should not have negative effects and could be safely added.

https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/
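
An added example, not part of the commit or the Coder repository: a Python check of the kind the message describes (the cluster's actual policy is not shown on the page), computing each container's effective `runAsNonRoot` and `runAsUser` from a pod manifest. `runAsNonRoot` and `runAsUser` are the Kubernetes API field names behind the template's `run_as_non_root` and `run_as_user`; the pod dictionaries and the container name `dev` are constructed for illustration.

```python
"""Report containers whose effective security context does not enforce non-root."""


def effective(pod_sc, ctr_sc, field):
    # A value set in the container's securityContext overrides the pod-level one.
    if ctr_sc.get(field) is not None:
        return ctr_sc[field]
    return pod_sc.get(field)


def check_pod(pod):
    """Return a list of findings; an empty list means the pod passes."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for kind in ("initContainers", "containers"):
        for ctr in spec.get(kind) or []:
            ctr_sc = ctr.get("securityContext") or {}
            name = ctr.get("name", "<unnamed>")
            non_root = effective(pod_sc, ctr_sc, "runAsNonRoot")
            uid = effective(pod_sc, ctr_sc, "runAsUser")
            if non_root is not True:
                # A non-zero UID alone does not satisfy a runAsNonRoot check.
                findings.append(f"{name}: runAsNonRoot is not true")
            if uid == 0:
                # With runAsNonRoot=true the kubelet refuses to start UID 0.
                findings.append(f"{name}: runAsUser is 0")
            elif uid is None and non_root is True:
                # No UID in the manifest: the kubelet has to verify the image's user.
                findings.append(f"{name}: no numeric runAsUser set")
    return findings


def make_pod(pod_sc, ctr_sc=None):
    # Constructed sample manifest with a single container named "dev".
    return {"spec": {"securityContext": pod_sc,
                     "containers": [{"name": "dev", "securityContext": ctr_sc}]}}


UID_ONLY = make_pod({"runAsUser": 1000})                         # UID set, flag missing
WITH_FLAG = make_pod({"runAsUser": 1000, "runAsNonRoot": True})  # UID and flag both set
ROOT_OVERRIDE = make_pod({"runAsUser": 1000, "runAsNonRoot": True},
                         {"runAsUser": 0})                       # container overrides UID

if __name__ == "__main__":
    for label, p in [("uid only", UID_ONLY), ("with flag", WITH_FLAG),
                     ("root override", ROOT_OVERRIDE)]:
        print(label, "->", check_pod(p) or "ok")
```
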