Running custom-metrics-stackdriver-adapter as non-root user

[mcantrell]

Adding a securityContext with non-root settings causes an error:

  securityContext:
    allowPrivilegeEscalation: false
    runAsNonRoot: true
    runAsUser: 1000

allowPrivilegeEscalation: false is fine but runAsNonRoot, runAsUser appear to cause the error:

Unable to get StackdriverAdapter apiserver config error creating self-signed certificates: mkdir apiserver.local.config: permission denied

[Glenn-Terjesen]

@mcantrell Hi, we had the same issue, the fix was to change the cert-dir and port number. (+service target change)

      securityContext:
        runAsNonRoot: true
        runAsUser: 65532
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: pod-custom-metrics-stackdriver-adapter
        imagePullPolicy: Always
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
        ports:
        - name: https
          containerPort: 4443
          protocol: TCP
        command:
        - /adapter
        - --use-new-resource-model=true
        - --cert-dir=/tmp
        - --fallback-for-container-metrics=true
        - --secure-port=4443