feat: add run_as_non_root=True to Kubernetes Starter template (#16512)

This document sounds like `run_as_non_root=True` should be enabled for
workspaces.

https://coder.com/docs/install/kubernetes#kubernetes-security-reference
> All containers must run as non-root user
> - Control plane - ...
> - Workspaces - Workspace pod UID is [set in the Terraform template
> here](f57ce97b5a/examples/templates/kubernetes/main.tf (L274-L276)),
> and are not required to run as root.

Administrators of a Kubernetes cluster I am working on have added
a security check on it that prevents creating pods without
`run_as_non_root=True`. So, I need to set it every time I create a
template.

According to the docs, when used with `run_as_user=1000` it should not have
negative effects and could be safely added.
https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/
This commit is contained in:
Andrey
2025-02-12 16:58:33 +01:00
committed by GitHub
parent d7614a4b02
commit f65051966c

@ -278,8 +278,9 @@ resource "kubernetes_deployment" "main" {
}
spec {
security_context {
run_as_user = 1000
fs_group = 1000
run_as_user = 1000
fs_group = 1000
run_as_non_root = true
}
container {
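Review bot: The new `run_as_non_root = true` line in the pod-level `security_context` depends on `run_as_user` staying non-zero, and nothing in the block says so. Kubernetes refuses to start a container whose effective UID is 0 when this flag is set, so anyone who later edits `run_as_user = 1000` to `0` in a copy of this starter template will get pods that fail to start rather than pods that run as root. That is the intended outcome, but a one-line comment above the setting would make the failure easy to diagnose. Because the setting is at pod level, a `security_context` inside the `container {` block that follows can override it per container. The visible lines do not show whether one exists, so it is worth confirming that no container-level `run_as_user` or `run_as_non_root` contradicts this. The re-aligned `run_as_user` and `fs_group` lines are whitespace-only changes and are fine.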