@tatsuhiro-t @balboah @weitzj
This is not exactly an issue; instead, I am looking for a solution for my requirement:
We have enabled the Pod Security Policy (PSP) in the cluster, and due to the unprivileged PSP, the nghttpx-controller is forced to run as a non-root user.
```json
"securityContext": {
  "runAsUser": 65534,
  "fsGroup": 65534
}
```
Container creation failed with the error: `mkdir etc/nghttpx permission denied`.
I added the config `--nghttpx-conf-dir=/tmp` to use the tmp folder instead of etc/nghttpx. With this change, the nghttpx controller pod creation was successful.
When I tried creating the ingress service, service creation failed with the error:
```
failed to write TLS private key: open /tmp/tls/nghttpx139340113: permission denied
```
Please note that everything works perfectly fine when it is assigned to the privileged pod security policy and run as the root user.