[elasticsearch] run as non root by default

[naseemkullah]

Describe the feature:

Please see title.

Describe a specific use case for the feature:

Best practice to run as non root.

[Crazybus]

I think this is a duplicate of #162? Which seems to be caused by some changes in 1.13 which I'm working on adding support for in #169

While the Elasticsearch process itself is running as the elasticsearch with uid of 1000 it seems like we might need to explicitly set this in the spec too.

This is what I see inside the container:

sh-4.2# ps aux 1
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
elastic+       1 25.1  4.2 4947928 1299548 ?     Ssl  18:13   0:36 /usr/share/elasticsearch/jdk/bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75
elastic+      76  0.0  0.0  72308  8308 ?        Sl   18:14   0:00 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller

[naseemkullah]

Hi @Crazybus good to know the process is started as elasticsearch with uid 1000, if you run a whoami what is returned?
If root, then yes we need to add some securityContext I'd be happy to open the PR if that sounds good to you.

[naseemkullah]

#171 opened

[jmlrt]

Hi @naseemkullah,
I'm closing this issue as your PR #171 was merged.