-
Notifications
You must be signed in to change notification settings - Fork 4
Open
Description
Hey there,
This looks great. I have transcribed the docker-compose example to a Kubernetes statefulset, however it gives the following error:
/usr/local/bin/docker-entrypoint.sh: line 11: /var/www/html/include/docker-env.sh: Permission denied
Kubernetes is a bit more strict with permissions. I am happy to provide my current deployment values (to compare with docker-compose), but i was wondering whether you had implemented/tested this with Kubernetes before?
If not, I am happy to work with you to get this working on Kubernetes in a secure way.
Currently, i have:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: false
- capabilities: { drop: ["ALL"] }
- defaultPodOptions:
- securityContext:
- runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
- runAsNonRoot: true
- securityContext:
Metadata
Metadata
Assignees
Labels
No labels