mbode commented on a change in pull request #9946: [FLINK-14468][docs] Update
Kubernetes docs
URL: https://github.com/apache/flink/pull/9946#discussion_r337346428
##########
File path: docs/ops/deployment/kubernetes.md
##########
@@ -230,6 +240,8 @@ spec:
volumeMounts:
- name: flink-config-volume
mountPath: /opt/flink/conf/
+ securityContext:
+ runAsUser: 9999
Review comment:
I stumbled over this trying to deploy the example templates to a Kubernetes
cluster where I did not have permissions to run privileged workloads. It seems
to me to be a best practice to run unprivileged if possible.
The user _flink_ with uid _9999_ is present in the official Flink docker
image, e.g.
[here](https://github.com/docker-flink/docker-flink/blob/2e4b45b10e8efe04c324e44cacf7df16b2553f0f/1.9/scala_2.12-debian/Dockerfile#L55)
for Flink 1.9/Scala 2.12.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
