I was fiddling around yesterday to install Seq into my homelab cluster and while looking at the default values.yaml I saw this:

```yaml
securityContext:
  runAsUser: 0
  capabilities:
    add:
      - NET_BIND_SERVICE
```

Are these really necessary? At first glance I don't see anything where it would need to access resources that require root permission.
The only thing I could think of is the UI running on port 80, where elevated privileges are required for ports lower than 1024, but that's not a reason to run the pod as admin/with NET_BIND_SERVICE. Just changing the UI port to 8080 should be sufficient, since in k8s ingresses are used anyway to expose UIs internally (internally as in: a second ingress running on 8080/8443 reachable only within the VPN) or externally.

Are there any other components that require root, and are there any plans or ideas for what would need to be changed to remove those dependencies so the container can run as its own unprivileged user?
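As an added illustration (not code from the chart or from this issue): the default securityContext quoted above next to the non-root variant the issue proposes, written as plain Pod specs because the page does not show how the chart maps values.yaml onto the pod. Assumed: that the image honours an `SEQ_API_LISTENURI` setting to move the UI/API off port 80 (confirm against the image docs), and the placeholder uid/gid 10001.

```yaml
---
# BEFORE: what the quoted values.yaml amounts to. Root plus NET_BIND_SERVICE
# exists only so the process can bind port 80 inside the container.
apiVersion: v1
kind: Pod
metadata:
  name: seq-root
spec:
  containers:
    - name: seq
      image: datalust/seq          # tag left to the reader
      env:
        - name: ACCEPT_EULA
          value: "Y"
      ports:
        - containerPort: 80
      securityContext:
        runAsUser: 0
        capabilities:
          add:
            - NET_BIND_SERVICE
---
# AFTER: listen above 1024, so neither root nor an added capability is needed
# and every capability can be dropped.
apiVersion: v1
kind: Pod
metadata:
  name: seq-nonroot
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001               # placeholder uid
    runAsGroup: 10001
    fsGroup: 10001                 # lets that group write the data volume
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: seq
      image: datalust/seq
      env:
        - name: ACCEPT_EULA
          value: "Y"
        - name: SEQ_API_LISTENURI  # assumed setting; verify against the image docs
          value: http://0.0.0.0:8080
      ports:
        - containerPort: 8080
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
```

A Service with `port: 80` and `targetPort: 8080` keeps any existing ingress unchanged, so clients never see the port move.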