Run proxy service container image as non-root user

[cdekkers]

Describe the feature request
When running the budibase/proxy service container in a multi-tenant cluster environment where the restricted Pod security standard is applied, the Pod ends up in the CrashLoopBackOff status. Looking at the logs, it appears the image requires superuser privileges, but in a restricted environment, spec.securityContext.runAsNonRoot forces containers to be run as non-root users.

Screenshots
Container logs:

/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Sourcing /docker-entrypoint.d/15-local-resolvers.envsh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
20-envsubst-on-templates.sh: ERROR: /etc/nginx/templates exists, but /etc/nginx is not writable
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/80-listen-on-ipv6-by-default.sh
80-listen-on-ipv6-by-default.sh: info: ipv6 is available so no need to delete lines from nginx conf
/docker-entrypoint.sh: Configuration complete; ready for start up
2024/08/22 08:35:56 [warn] 1#1: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:2
nginx: [warn] the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:2
2024/08/22 08:35:56 [emerg] 1#1: mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied)
nginx: [emerg] mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied)

[linear[bot]]

BUDI-8582 Run proxy service container image as non-root user

[Shkrelic]

Is there any solution to this? I've seen usage of nginxinc/nginx-unprivileged in similar deployments, is that something that is planned to be supported or is there an alternative solution?