Non-Root user #31

Open
ghost opened this issue Apr 27, 2021 · 1 comment


ghost commented Apr 27, 2021

Are you able to ensure this runs as a non-root user (e.g. 'atlas') so that it can be deployed to services such as OpenShift?

Thanks


cmgrote commented May 19, 2021

While the suggestion above would certainly be the ideal solution, just wanted to point out a (less secure) workaround that you could use in the meantime that will at least technically work:

  1. Create a service account specific for Atlas, e.g.
    oc create sa apache-atlas
  2. Grant the anyuid security context constraint (SCC) to this service account, e.g.
    oc adm policy add-scc-to-user anyuid -z apache-atlas
  3. Ensure that your deployment mechanism for the Atlas container uses this service account created in (1), e.g.
    kind: Deployment
    apiVersion: apps/v1
    metadata: ...
    spec:
      template:
        spec:
          # use name of service account created in (1) below
          serviceAccountName: apache-atlas
          containers:
            - name: atlas
              image: sburn/apache-atlas
    ...

The container should then at least be runnable inside OpenShift. (You'll need to confirm for yourself that it's OK running with the anyuid SCC in your specific cluster and situation.)

aefo added a commit to aefo/docker-apache-atlas that referenced this issue Mar 12, 2023
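
An added example, not part of the thread or the project's code: one way to review the anyuid workaround discussed above is to list which pods were admitted under that SCC and which of their containers nothing stops from running as UID 0. It reads the JSON that `oc get pods -o json` produces and relies on the `openshift.io/scc` annotation OpenShift sets on admitted pods; the pod list embedded here is constructed sample data, and the function names are hypothetical.

```python
import json

# Constructed sample of `oc get pods -o json` output (not from a real cluster).
SAMPLE_POD_LIST = json.dumps({
    "items": [
        {"metadata": {"name": "atlas-7d9f", "namespace": "metadata",
                      "annotations": {"openshift.io/scc": "anyuid"}},
         "spec": {"serviceAccountName": "apache-atlas",
                  "containers": [{"name": "atlas", "image": "sburn/apache-atlas"}]}},
        {"metadata": {"name": "web-5c4b", "namespace": "metadata",
                      "annotations": {"openshift.io/scc": "restricted"}},
         "spec": {"serviceAccountName": "default",
                  "containers": [{"name": "web", "image": "example/web"}]}},
        {"metadata": {"name": "batch-1a2b", "namespace": "metadata",
                      "annotations": {"openshift.io/scc": "anyuid"}},
         "spec": {"serviceAccountName": "batch",
                  "securityContext": {"runAsNonRoot": True},
                  "containers": [{"name": "job", "image": "example/job"}]}},
    ]
})


def may_run_as_root(pod_sc, container_sc):
    """True unless runAsNonRoot or a non-zero runAsUser applies.

    Container-level securityContext values override pod-level ones.
    With neither set, the image's own USER decides, which may be root.
    """
    non_root = container_sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
    uid = container_sc.get("runAsUser", pod_sc.get("runAsUser"))
    return not non_root and (uid is None or uid == 0)


def audit_anyuid(pod_list_json, scc="anyuid"):
    """Return (namespace, pod, service account, container) for every container
    in a pod admitted under `scc` that may run as UID 0 (spec.containers only)."""
    findings = []
    for pod in json.loads(pod_list_json).get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        if (meta.get("annotations") or {}).get("openshift.io/scc") != scc:
            continue
        pod_sc = spec.get("securityContext") or {}
        for c in spec.get("containers", []):
            if may_run_as_root(pod_sc, c.get("securityContext") or {}):
                findings.append((meta.get("namespace"), meta.get("name"),
                                 spec.get("serviceAccountName"), c["name"]))
    return findings


if __name__ == "__main__":
    for finding in audit_anyuid(SAMPLE_POD_LIST):
        print("anyuid pod may run as root: %s/%s sa=%s container=%s" % finding)
```
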