Skip to content

Enable rootless settings for nginx containers by default#363

Merged
BorisPolonsky merged 3 commits intomasterfrom
feat-rootless-proxy
Dec 26, 2025
Merged

Enable rootless settings for nginx containers by default#363
BorisPolonsky merged 3 commits intomasterfrom
feat-rootless-proxy

Conversation

@BorisPolonsky
Copy link
Copy Markdown
Owner

@BorisPolonsky BorisPolonsky commented Dec 25, 2025
edited
Loading

Description

This release enables podSecurityContext and containerSecurityContext for the proxy component by default, running nginx as a non-root user (UID 101).
Close #359

Action required for existing deployments

If you have proxy.log.persistence.enabled: true with an existing PVC (nginx-logs-disk):

  • update the volume ownership before upgrading, or
  • as alternative, disable security contexts for backward compatibility by setting:
proxy:
  podSecurityContext:
    enabled: false
  containerSecurityContext:
    enabled: false

@giladd123 giladd123 mentioned this pull request Dec 25, 2025
Merged
@BorisPolonsky BorisPolonsky changed the title Support non-root nginx containers Enforce non-root nginx containers Dec 26, 2025
@BorisPolonsky BorisPolonsky changed the title Enforce non-root nginx containers Enable rootless settings for nginx containers by default Dec 26, 2025
@BorisPolonsky BorisPolonsky merged commit abba0f0 into master Dec 26, 2025
4 checks passed
@BorisPolonsky BorisPolonsky deleted the feat-rootless-proxy branch December 26, 2025 02:15
@BorisPolonsky BorisPolonsky mentioned this pull request Dec 26, 2025
Closed
This was referenced Dec 31, 2025
Closed
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@BorisPolonsky