fix securityContext for kaniko and agent

Author: eksrha

charts/github-actions-runner/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.11
+version: 0.2.12
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/github-actions-runner/templates/deployment.yaml

@@ -45,7 +45,8 @@ spec:
         {{- if .Values.runner.kaniko.enabled }}
         - name: {{ .Chart.Name }}-kaniko
           securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
+            runAsUser: 0
+            readOnlyRootFilesystem: false
           image: {{ include "github-actions-runner.runner-image-kaniko" . }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}

charts/github-actions-runner/values.yaml

@@ -47,18 +47,19 @@ serviceAccount:
 podAnnotations: {}
 
 podSecurityContext:
-  runAsNonRoot: true
-  runAsUser: 1000
-  fsGroup: 1000
+  {}
+  # runAsNonRoot: false
+  # runAsUser: 1000
+  # fsGroup: 1000
 
+# does not apply on kaniko
 securityContext:
-  {}
+  readOnlyRootFilesystem: false
+  runAsNonRoot: true
+  runAsUser: 1000
   # capabilities:
   #   drop:
   #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
 
 resources:
   {}