-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adjust Beats container user to be numeric. #41197
Conversation
Signed-off-by: Michael Montgomery <mmontg1@gmail.com>
This pull request does not have a backport label.
To fixup this pull request, you need to add the backport labels for the needed
|
|
Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane) |
@rdner you were working in the wolfi images. Is there any special reason you used non-numeric users? Otherwise I believe this PR is good to be merged |
The history is in #35272:
I'm fine with this, I do wonder if we should change the actual template input that resolves tot he .user value to be numeric to keep this from coming back (in addition to my original comment on the PR about having a test to catch this). I see similar things in the agent container template so worth cross-referencing to ensure this problem doesn't put up again with agent. https://github.com/elastic/elastic-agent/blob/0a965617920874e740b85aad7b383ea370804401/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl#L283 I'm out Monday but @rdner is back, I'll let him do the approving so someone other than me builds up context on this. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you!
Signed-off-by: Michael Montgomery <mmontg1@gmail.com> (cherry picked from commit a7915d8)
Adjust Beats container user to be numeric.
"Recently" the user in the dockerfile was adjusted to be
1000
instead ofmetricbeat
: https://github.com/elastic/beats/pull/35272/files#r1184217000I believe this was recently changed here
See elastic/cloud-on-k8s#8086 (comment)
This is causing issues when running the container as
runAsNonRoot: true
:Checklist
CHANGELOG.next.asciidoc
orCHANGELOG-developer.next.asciidoc
.Disruptive User Impact
This should only allow the container to run when
runAsNonRoot: true
is set.Author's Checklist
How to test this PR locally
mage package
I believeRelated issues