Cannot run temporal services as non-root user in kubernetes

We have restrictions in our enterprise k8s environment that block running containers as the root user. Kubernetes also recommends running containers as a non-root user: 11 Ways (Not) to Get Hacked | Kubernetes

Starting the temporal containers (using the helm chart from the temporal helm chart repo) as a non-root user throws the permission error below:

  • dockerize -template /etc/temporal/config/config_template.yaml:/etc/temporal/config/docker.yaml
    2021/02/04 14:28:48 unable to create open /etc/temporal/config/docker.yaml: permission denied

Currently, I have a workaround: a custom image that gives the non-root user permission to the /etc/temporal/ dir.

Can we update the Dockerfile and helm chart to run temporal services as a non-root user by default?
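A pre-deployment check for the failure described in the post above, as an added example that is not part of the thread or the Temporal project: it predicts from owner, group and mode bits whether a given non-root UID/GID can write the rendered `docker.yaml`. The function names `applicable_bits` and `can_write_target` are hypothetical, and GNU or BusyBox `stat` is assumed.

```shell
#!/bin/sh
# Added example, not from the thread or the Temporal project.
# Predicts from owner/group/mode bits whether a numeric UID/GID can create or
# overwrite a file, e.g. the docker.yaml that dockerize renders at startup.
# Assumptions: GNU or BusyBox stat (-c); ACLs, read-only mounts, supplementary
# groups and dropped capabilities are not considered.

# Print the rwx digit (0-7) of PATH that applies to UID/GID.
applicable_bits() {
    path=$1; uid=$2; gid=$3
    owner=$(stat -c '%u' "$path") || return 2
    group=$(stat -c '%g' "$path")
    mode=$((0$(stat -c '%a' "$path")))   # octal string -> integer
    if   [ "$uid" -eq "$owner" ]; then echo $(( (mode >> 6) & 7 ))
    elif [ "$gid" -eq "$group" ]; then echo $(( (mode >> 3) & 7 ))
    else                               echo $((  mode       & 7 ))
    fi
}

# can_write_target TARGET UID GID
# Returns 0 if UID/GID may write TARGET, 1 if not, 2 if it cannot be inspected.
can_write_target() {
    target=$1; uid=$2; gid=$3
    [ "$uid" -eq 0 ] && return 0         # root with default capabilities
    if [ -e "$target" ]; then
        # Existing file: the write bit on the file itself decides.
        bits=$(applicable_bits "$target" "$uid" "$gid") || return 2
        [ $(( bits & 2 )) -ne 0 ]
    else
        # New file: the parent directory needs write and search (w+x).
        bits=$(applicable_bits "$(dirname "$target")" "$uid" "$gid") || return 2
        [ $(( bits & 3 )) -eq 3 ]
    fi
}
```

Source the script inside the image under test and call `can_write_target /etc/temporal/config/docker.yaml <uid> <gid>` with the UID and GID the pod will run as; a non-zero status means the template step would fail as shown in the post.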

Hi Siva,

Can you create a GitHub issue for this?

Done - Cannot run temporal services as non-root user in kubernetes · Issue #1263 · temporalio/temporal · GitHub. Thanks!

Hi @Wenquan_Xing,
Is there any timeline when this issue will be fixed? We are also facing the same problem.

This is on our radar and we do plan on eventually making this happen. At the same time, the work has not been scheduled yet.

But there’s no reason temporal inherently needs to run with root and we’re totally open to accepting PRs to make this possible in the meantime.

Thank you for your feedback, as interest in specific issues helps us to prioritize our efforts!

Hi @derek, is there any ETA on getting this rolled out?

Definitely still open to PRs, no ETA.