Support running GitLab in OpenShift without the need for a privileged container

Right now in order to run our container in OpenShift (see #1233 (closed)) an OpenShift cluster-admin needs to add your project's default user to the privileged security context. By default, other admin users don't have this ability. This results in users being able to see the gitlab-ce template, add it to their project, and have it configure everything... but the container will not start because their project user does not have permission to use privileged containers.

This issue is for exploring whether we can use some different security capabilities, run root as a different uid in the container, or try and run gitlab-ctl as a non-root user in order to remove the need for using a privileged container.

cc @sytses @marin @ayufan @TheSteve0 @jorgemoralespou @mjelen