Gtoken Container Runs as Root – Need to Enforce Non-Root Execution via Security Context #36

Open
PatelFarhaan opened this issue Sep 30, 2024 · 0 comments · May be fixed by #37


@PatelFarhaan

Description:

During the deployment of the Gtoken container, I noticed that the container runs with root privileges by default. For security reasons, and to comply with best practices, certain workloads within our environment require containers to run as non-root users. This poses a risk in environments where running containers as root is restricted or could lead to privilege escalation concerns.

Problem:

Currently, the Gtoken container does not have a securityContext configured, which defaults the container to running as the root user. This is a security vulnerability in environments that require containers to run with non-root privileges. Many Kubernetes-based workloads have policies that enforce non-root containers, and without proper configuration, these workloads may fail deployment or introduce unnecessary security risks.

Expected Behavior:

The Gtoken container should be configured to run as a non-root user by injecting a securityContext in the deployment manifest. This would ensure that the container runs with restricted privileges by default, without needing manual overrides from the user side.

Proposed Solution:

  1. Add a securityContext to the container configuration within the deployment manifest.
  2. Set runAsUser and runAsGroup to appropriate non-root user and group IDs (for example, runAsUser: 1000 and runAsGroup: 1000).
  3. Ensure allowPrivilegeEscalation: false to restrict privilege escalation within the container.

Additional Context:

Some Kubernetes environments enforce policies that prevent containers from running as root. Without the proposed changes, these workloads may fail to deploy in environments where PodSecurityPolicies or Pod Security Standards enforce non-root user requirements.

We would appreciate it if this issue could be prioritized and a patch released to handle this in future versions.

Thank you for your attention to this matter.

@bseenu bseenu linked a pull request Oct 3, 2024 that will close this issue
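
An added example, not part of the issue or of the gtoken project's code: a small audit that checks a Pod manifest (as JSON, for instance from `kubectl get pod -o json`) for the three settings proposed above. It goes slightly beyond the issue by also covering init containers and pod-level `securityContext` inheritance; `audit_pod` and the sample manifest are constructed for illustration.

```python
import json

# Constructed sample (not from the gtoken repository): an init container with
# no securityContext, and a container with the settings the issue proposes.
SAMPLE_POD = json.loads("""
{"spec": {
  "initContainers": [
    {"name": "unset-init", "image": "example.invalid/init:placeholder"}],
  "containers": [
    {"name": "hardened", "image": "example.invalid/app:placeholder",
     "securityContext": {"runAsUser": 1000, "runAsGroup": 1000,
                         "allowPrivilegeEscalation": false}}]}}
""")


def audit_pod(pod):
    """Return {container name: [findings]} for all containers in a Pod dict."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    report = {}
    for kind in ("initContainers", "containers"):
        for ctr in spec.get(kind) or []:
            sc = ctr.get("securityContext") or {}
            findings = []
            # runAsUser/runAsGroup may be set on the pod or the container;
            # the container-level value wins when both are present.
            for field in ("runAsUser", "runAsGroup"):
                value = sc.get(field, pod_sc.get(field))
                if value is None:
                    findings.append(f"{field} is unset")
                elif value == 0:
                    findings.append(f"{field} is 0 (root)")
            # allowPrivilegeEscalation exists only at the container level.
            if sc.get("allowPrivilegeEscalation") is not False:
                findings.append("allowPrivilegeEscalation is not false")
            report[ctr["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_pod(SAMPLE_POD).items():
        print(name, "OK" if not findings else findings)
```

An injected container with no `securityContext` of its own passes the user and group checks only when the pod-level context sets them, and it always needs its own `allowPrivilegeEscalation: false`.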