PermissionError on Config Map Refresh in SideCar Container #338

Open
2 tasks done
hinrichd opened this issue Jun 25, 2024 · 0 comments
Assignees
Labels
bug Something isn't working

Comments

@hinrichd
Contributor

What happened?

When using the default values from the helm chart and using the sidecar container, the sidecar container could not update the flows.json file because of a permission error. This happens when node-red writes or updates the flows.json itself and the file permissions are changed and do not match the sidecar permissions.

How can we reproduce this?

Deploy Node-RED with the sidecar container importing a custom flow.
After it is successfully deployed, change and deploy the flow from the Node-RED UI.
The sidecar container could not update or reset Node-RED to the flow deployed within the config map watched by the sidecar.

Helm Chart version

current.

Search

  • I did search for other open and closed issues before opening this.

Code of Conduct

  • I agree to follow this project's Code of Conduct

Additional context

With default values the node-red container runs with runAsUser 10.003 and runAsGroup 10.003, and the sidecar container with runAsUser 1.000 and runAsGroup 1.000. Changing the values in the helm chart to the same group and user will resolve this permission error, and node-red will be restarted on updates to the flows config file or if someone changes the flow from the GUI.

Thought 10.003 for the node-red user id is very high or uncommon and to better fit default values it would be a good idea to change the default nodered security context. Not sure if this has any conflicts or if there is a better solution out there.

{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}}

@hinrichd hinrichd added the bug Something isn't working label Jun 25, 2024
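
The mismatch described in this issue can be caught before deployment by comparing the effective UID/GID of every container that writes to the same volume. The following is an added example, not part of the original issue or the chart's code; the pod spec, the volume name `data` and the mount path `/data` are constructed assumptions, and the issue's "10.003" / "1.000" are read as 10003 / 1000.

```python
import json

# Constructed pod spec, not taken from the chart. IDs follow the issue text,
# reading "10.003" / "1.000" as 10003 / 1000; the shared volume is assumed.
POD_JSON = """
{"spec": {
  "securityContext": {},
  "volumes": [{"name": "data"}],
  "containers": [
    {"name": "node-red",
     "securityContext": {"runAsUser": 10003, "runAsGroup": 10003},
     "volumeMounts": [{"name": "data", "mountPath": "/data"}]},
    {"name": "sidecar",
     "securityContext": {"runAsUser": 1000, "runAsGroup": 1000},
     "volumeMounts": [{"name": "data", "mountPath": "/data"}]}
  ]}}
"""

def load_pod():
    return json.loads(POD_JSON)

def effective_ids(pod_sc, container):
    """Container-level securityContext fields override pod-level ones."""
    sc = container.get("securityContext") or {}
    return (sc.get("runAsUser", pod_sc.get("runAsUser")),
            sc.get("runAsGroup", pod_sc.get("runAsGroup")))

def find_mismatches(pod):
    """Return one finding per volume written by containers with differing UID/GID."""
    spec = pod["spec"]
    pod_sc = spec.get("securityContext") or {}
    writers = {}  # volume name -> {container name: (uid, gid)}
    for c in spec.get("containers", []):
        for m in c.get("volumeMounts", []):
            if not m.get("readOnly", False):
                writers.setdefault(m["name"], {})[c["name"]] = effective_ids(pod_sc, c)
    # fsGroup is reported because a shared supplemental group is another way to
    # grant access; whether it suffices depends on the mode the writer sets.
    return [{"volume": v, "ids": ids, "fsGroup": pod_sc.get("fsGroup")}
            for v, ids in writers.items() if len(set(ids.values())) > 1]

if __name__ == "__main__":
    for finding in find_mismatches(load_pod()):
        print(finding)
```

Feeding it the output of `kubectl get pod <name> -o json` instead of the constructed spec applies the same check to a running pod.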