(aws-eks): integration tests can't be deployed #24266

pahud · 2023-02-22T01:26:47Z

Describe the bug

Integ tests in aws-eks using hashicorp/http-echo as the k8s deployment container image can't be deployed and is having the error:

Error: container has runAsNonRoot and image will run as root

This is because hashicorp/http-echo#11 and the deployment should run as 1005 described here:

https://github.com/hashicorp/http-echo/blob/672da300fbd66957bb6037e8d0369632752d1456/docker/alpine/Dockerfile#L15

Similarly, integ.eks-service-account-sdk-call can't be deployed because it's run as non-root and should be defined in the security-context of the pod as well.

Expected Behavior

integ tests integ.alb-controller.ts and integ.eks-service-account-sdk-call should be deployed

Current Behavior

integ.alb-controller.ts and integ.eks-service-account-sdk-call.ts can't be deployed

Reproduction Steps

just deploy the integ.alb-controller.ts and integ.eks-service-account-sdk-call.ts as described in the doc.

Possible Solution

define the non-user in the securityContext. i.e.

    const ingress = new kplus.Deployment(chart, 'Deployment', {
      containers: [{ 
        image: 'hashicorp/http-echo',
        args: ['-text', 'hello'],
        port: 5678,
        securityContext: {
          user: 1005,
        },
      }],
    })

Additional Information/Context

No response

CDK CLI Version

2.66.0

Framework Version

No response

Node.js Version

v16.17.0

OS

Linux

Language

Typescript

Language Version

No response

Other information

No response

The text was updated successfully, but these errors were encountered:

pahud · 2023-02-22T01:27:21Z

PR underway.

This PR fixes the integ tests errors in aws-eks and addresses the following issues: `integ.alb-controller.ts` has `runAsNonRoot` error and should define a non-root user in securityContext of the pod definition to ensure successful k8s deployment. `integ.eks-service-account-sdk-call.ts` should define a non-root user as well and increase the timeout of `BucketPinger` from the default 1 min to 3 min as the deployment could take up to 2 minutes or more. The base docker image from docker hub for this test has been replaced with the same image in ECR public to avoid potential throttling. I have manually run the two integ tests in my account and both successfully deploy with no error now. Closes #24266 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

github-actions · 2023-02-22T17:57:15Z

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

This PR fixes the integ tests errors in aws-eks and addresses the following issues: `integ.alb-controller.ts` has `runAsNonRoot` error and should define a non-root user in securityContext of the pod definition to ensure successful k8s deployment. `integ.eks-service-account-sdk-call.ts` should define a non-root user as well and increase the timeout of `BucketPinger` from the default 1 min to 3 min as the deployment could take up to 2 minutes or more. The base docker image from docker hub for this test has been replaced with the same image in ECR public to avoid potential throttling. I have manually run the two integ tests in my account and both successfully deploy with no error now. Closes #24266 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR fixes the integ tests errors in aws-eks and addresses the following issues: `integ.alb-controller.ts` has `runAsNonRoot` error and should define a non-root user in securityContext of the pod definition to ensure successful k8s deployment. `integ.eks-service-account-sdk-call.ts` should define a non-root user as well and increase the timeout of `BucketPinger` from the default 1 min to 3 min as the deployment could take up to 2 minutes or more. The base docker image from docker hub for this test has been replaced with the same image in ECR public to avoid potential throttling. I have manually run the two integ tests in my account and both successfully deploy with no error now. Closes aws#24266 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

pahud added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Feb 22, 2023

github-actions bot added the @aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service label Feb 22, 2023

pahud self-assigned this Feb 22, 2023

pahud added p2 effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. labels Feb 22, 2023

pahud mentioned this issue Feb 22, 2023

fix(eks): integ tests errors #24276

Merged

mergify bot closed this as completed in #24276 Feb 22, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

(aws-eks): integration tests can't be deployed #24266

(aws-eks): integration tests can't be deployed #24266

pahud commented Feb 22, 2023

pahud commented Feb 22, 2023

github-actions bot commented Feb 22, 2023