Init container fails with permission denied when running as non-root user #74

@dajeffers

Description

Issue

When running the init-clone-crowdsec-bouncer initContainer in an ingress-nginx deployment with strict pod security settings (non-root user, no additional privileges), the init container fails due to permission issues:

sed: can't create temp file '/crowdsec/crowdsec-bouncer.confXXXXXX': Permission denied
sed: unmatched ','
sed: can't create temp file '/crowdsec/crowdsec-bouncer.confXXXXXX': Permission denied
sed: can't create temp file '/crowdsec/crowdsec-bouncer.confXXXXXX': Permission denied

This is caused by container files/directories being owned by root, which prevents modification by non-root users.

What did you expect to happen?

The initContainer (and the base image's directories/files) should support operation under a non-root user, as running containers/processes as root is discouraged for security reasons.

Steps to reproduce

  1. Deploy ingress-nginx with pod/containers running as a specific user instead of root and with pod-security.kubernetes.io/enforce: privileged on the namespace.
  2. Add the init-clone-crowdsec-bouncer as an initContainer (as described in documentation), ensuring it runs as the same (non-root) user.
  3. Check the init container logs and subsequent issues with the bouncer in the controller logs.

Anything else we need to know?

  • Workaround is to run the init container as root
  • Using image crowdsecurity/lua-bouncer-plugin:v1.1.2
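The log lines above are the classic `sed -i` failure: it creates a temporary file next to the target and renames it over the original, so it needs write permission on the directory, not only on the file. The script below is an added illustration (not the reporter's code and not part of the crowdsec lua-bouncer-plugin image) of how an init script can detect that condition and edit the config in a writable scratch location instead. The scratch directory, the config file contents and the key names are constructed for the demo; in a Kubernetes pod the scratch directory would be an emptyDir volume mounted into the init container.

```shell
#!/bin/sh
# Added example: why `sed -i` fails in a root-owned directory for a non-root
# user, and a portable way for an init script to edit the config anyway.
# `sed -i` writes a temp file beside the target and renames it, so it needs
# WRITE permission on the directory; "can't create temp file" is that check.

# Print the path of a copy of $1 that lives in a writable directory.
# If the directory holding $1 is already writable, print $1 unchanged.
# $2 is a scratch directory assumed to be writable (e.g. an emptyDir mount).
writable_copy() {
    src="$1"
    scratch="$2"
    dir=$(dirname "$src")
    if [ -w "$dir" ]; then
        printf '%s\n' "$src"
        return 0
    fi
    mkdir -p "$scratch" || return 1
    dest="$scratch/$(basename "$src")"
    cp "$src" "$dest" || return 1
    printf '%s\n' "$dest"
}

# Set KEY=VALUE in a simple config file, editing a writable copy if needed.
# Prints the path that was actually edited so the caller can use it.
set_config_value() {
    cfg="$1"; key="$2"; value="$3"; scratch="$4"
    target=$(writable_copy "$cfg" "$scratch") || return 1
    # '|' as the sed delimiter: values such as URLs may contain '/'; a
    # delimiter that cannot appear in the value avoids "unmatched" errors.
    sed -i "s|^${key}=.*|${key}=${value}|" "$target" || return 1
    printf '%s\n' "$target"
}

# Constructed demo: a non-writable "image" directory plus a scratch dir.
# Prints the edited API_KEY line (as a non-root user the copy branch runs;
# as root the directory is still writable and the original is edited).
demo() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/crowdsec"
    printf 'API_URL=http://placeholder:8080\nAPI_KEY=CHANGEME\n' \
        > "$base/crowdsec/crowdsec-bouncer.conf"
    chmod 555 "$base/crowdsec"   # mimics a root-owned, read-only directory
    edited=$(set_config_value "$base/crowdsec/crowdsec-bouncer.conf" \
        API_KEY 'example-key' "$base/scratch") || return 1
    result=$(grep '^API_KEY=' "$edited")
    chmod 755 "$base/crowdsec"
    rm -rf "$base"
    printf '%s\n' "$result"
}
```

Running `demo` as an unprivileged user prints `API_KEY=example-key` from the copy in the scratch directory; the same call as root edits the original in place. Note that simply mounting an emptyDir over the image's config directory would hide the files the script expects to edit, so the copy step has to read from the image path and write to the separate writable path.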
