Running as non-root #61

@larsla

I want to run all containers as non-root and tried using:

global:
  podSecurityContext:
    fsGroup: 1001

  containerSecurityContext:
    capabilities:
      drop:
        - ALL
    runAsNonRoot: true
    runAsUser: 1001
    runAsGroup: 1001

This fails the pods on start with:

2025/11/12 14:33:09 unable to create open /etc/cadence/config/docker.yaml: permission denied

due to https://github.com/cadence-workflow/cadence/blob/57f0d8d083f3f2da35ca24d99df06bbd626c5956/docker/start-cadence.sh#L7

There does not seem to be any configuration for where the Cadence configs are stored.
There is also no option to add volumeMounts (other than for tls) and initContainers to the pods to make a workaround.

Do you have any suggestions?

Thanks!
