GitLab CE/EE and GitLab Runner docker images without root runtime requirements

Description

We are evaluating GitLab EE to use as a CI/CD solution in our Red Hat OpenShift clusters. The current docker images available on DockerHub (https://hub.docker.com/r/gitlab/gitlab-ee) all require root access in order to run properly. Within Red Hat OpenShift this is considered bad practice, and we would like to avoid giving our gitlab and gitlab runner serviceaccounts the anyuid security context.

Official Red Hat OpenShift guidelines with regard to secure images can be found at the following location:

  • https://docs.openshift.com/container-platform/3.6/creating_images/guidelines.html#openshift-specific-guidelines
  • Example: https://github.com/RHsyseng/container-rhel-examples/blob/master/starter-arbitrary-uid/Dockerfile

Proposal

  1. Provide docker images which do not require root user to run the main container process.
  2. Provide docker images which allow an arbitrarily assigned user ID to run the main container process.

Links / references

Edited Dec 01, 2017 by Bart Van Bos