megakoresh opened a new issue #13869:
URL: https://github.com/apache/superset/issues/13869


Helm is [configured](https://github.com/apache/superset/blob/9d0bb3a3ba38c2289d77e87dfe572c57c51ef7c7/helm/superset/templates/deployment.yaml#L53) to run containers as root so that it can [install packages](https://github.com/apache/superset/blob/9d0bb3a3ba38c2289d77e87dfe572c57c51ef7c7/helm/superset/templates/_helpers.tpl#L52). This is against security best practices and to top it all off, the chart does not allow editing this setting, and neither can the bootstrap be edited, so it doesn't crash when running as non-root. This makes the helm chart not suitable for secure production environments.

To fix this, it would be enough to allow editing the `runAsUser` field and the bootstrap script from `values.yaml`. Although in my opinion bad practices like this should not be promoted by the upstream, so it would be preferable if non-root was the default option, with documentation reflecting this.

I may have time to fix this later this week, but my schedule is quite tight so if someone has time to do this, please post here so I don't start duplicating someone's work.
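A check for the setting this issue describes, as an added example that is not part of the original issue or of the Superset chart: it reports which containers in a Deployment's pod template resolve to UID 0, applying the Kubernetes rule that a container-level `securityContext` overrides the pod-level one. The two sample manifests and their container names are constructed for illustration.

```python
# Constructed sample: the pod template of a Deployment, shaped like the
# output of `kubectl get deployment <name> -o json`. All names are made up.
SAMPLE = {"spec": {"template": {"spec": {
    "securityContext": {"runAsUser": 0},              # pod-level: root
    "initContainers": [{"name": "wait-for-db"}],      # inherits pod-level
    "containers": [
        {"name": "app"},                              # inherits pod-level
        {"name": "sidecar", "securityContext": {"runAsUser": 1000}},
    ],
}}}}

# Same shape with no UID pinned anywhere (constructed).
UNPINNED = {"spec": {"template": {"spec": {
    "containers": [
        {"name": "app"},
        {"name": "strict", "securityContext": {"runAsNonRoot": True}},
    ],
}}}}


def effective(pod_sc, ctr_sc, key):
    """A container-level securityContext field overrides the pod-level one."""
    return ctr_sc[key] if key in ctr_sc else pod_sc.get(key)


def audit(workload):
    """Map each container name to 'root', 'unpinned' or 'non-root'."""
    spec = workload["spec"]["template"]["spec"]
    pod_sc = spec.get("securityContext") or {}
    verdicts = {}
    for ctr in spec.get("initContainers", []) + spec.get("containers", []):
        ctr_sc = ctr.get("securityContext") or {}
        uid = effective(pod_sc, ctr_sc, "runAsUser")
        non_root = effective(pod_sc, ctr_sc, "runAsNonRoot")
        if uid == 0:
            verdicts[ctr["name"]] = "root"
        elif uid is None and non_root is not True:
            # No UID set: the image's USER decides, which may be root.
            verdicts[ctr["name"]] = "unpinned"
        else:
            verdicts[ctr["name"]] = "non-root"
    return verdicts


if __name__ == "__main__":
    for name, manifest in (("SAMPLE", SAMPLE), ("UNPINNED", UNPINNED)):
        print(name, audit(manifest))
```

Passing `json.load()` of a real Deployment's JSON to `audit()` works the same way, since the function only reads `spec.template.spec`.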
   

