Checklist
I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to troubleshoot the problem
I describe the steps on how to reproduce the issue
Hi!
I’m wondering if there is an example deployment for the non-root image on Kubernetes/Helm.
I have tried to use the Docker Compose file as a base for creating a deployment with the non-root image, but can’t get it to work.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: passbolt
  namespace: passbolt
  labels:
    app: passbolt
spec:
  selector:
    matchLabels:
      app: passbolt
  replicas: 1
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: passbolt
    spec:
      containers:
        - name: passbolt-server
          securityContext:
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            runAsUser: 33
            runAsGroup: 33
          image: passbolt/passbolt:4.3.0-1-ce-non-root
          imagePullPolicy: IfNotPresent
          livenessProbe:
            httpGet:
              port: https
              scheme: HTTPS
              path: /healthcheck/status.json
              httpHeaders:
                - name: Host
                  value: passbolt.local
            initialDelaySeconds: 20
            periodSeconds: 10
          readinessProbe:
            httpGet:
              port: https
              scheme: HTTPS
              httpHeaders:
                - name: Host
                  value: passbolt.local
              path: /healthcheck/status.json
            initialDelaySeconds: 5
            periodSeconds: 10
          env:
            - name: APP_FULL_BASE_URL
              value: https://passbolt.domain.com
            - name: DATASOURCES_DEFAULT_DRIVER
              value: Cake\Database\Driver\Postgres
            - name: DATASOURCES_DEFAULT_ENCODING
              value: utf8
            - name: DEBUG
              value: "true"
            - name: DATASOURCES_DEFAULT_URL
              value: "postgres://passbolt:P4ssb0lt@db:5432/passbolt?schema=passbolt"
          ports:
            - name: https
              containerPort: 4433
              protocol: TCP
            - name: http
              containerPort: 8080
              protocol: TCP
          volumeMounts:
            - name: pvc-storage
              mountPath: /etc/passbolt/jwt
            - name: gpg
              mountPath: /etc/passbolt/gpg
              readOnly: true
      volumes:
        - name: pvc-storage
          persistentVolumeClaim:
            claimName: passbolt-storage
        - name: gpg
          secret:
            secretName: passbolt-sec-gpg
      restartPolicy: Always
On container startup, the GPG keys are successfully imported, but when they are read I get this error: gpg: error reading key: No public key
Any ideas?
Thank you