Skip to content
This repository has been archived by the owner on Oct 8, 2024. It is now read-only.

promtail and canary need run as non-root #40

Open
james-callahan opened this issue Sep 29, 2021 · 2 comments · Fixed by #45
Open

promtail and canary need run as non-root #40

james-callahan opened this issue Sep 29, 2021 · 2 comments · Fixed by #45

Comments

@james-callahan
Copy link
Contributor

promtail and loki-canary should set spec.securityContext.runAsNonRoot: true to meet the kubernetes Pod Security Standards
@james-callahan james-callahan mentioned this issue Nov 8, 2021
Merged
@james-callahan james-callahan reopened this Nov 8, 2021
@james-callahan
Copy link
Contributor Author

This was only partially fixed by #45, promtail is still running as root.

That is more tricky to fix, as it needs permission to read journald files as well as docker logs from the host.

@sgutwein
Copy link

Any updates?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

loki-canary: run as non-root james-callahan/kustomize-loki
2 participants
@james-callahan @sgutwein