Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Run all server components as non-root users #414

Merged
merged 2 commits into from
Nov 18, 2020

Conversation

ncopa
Copy link
Collaborator

@ncopa ncopa commented Nov 17, 2020

Fix the last bits needed for all server components to run as non-root users.

What this PR Includes

@ncopa ncopa requested a review from a team as a code owner November 17, 2020 15:58
@ncopa ncopa requested review from kke, jnummelin and mikhail-sakhnov and removed request for a team November 17, 2020 15:58
Fix running konnectivity-server as non-root user `konnectivity-server`
by creating a directory for the unix socket with the proper permissions.

Replace path.Join with filepath.Join since we are joining file paths and
not URLs.

Drop github.com/pkg/errors in favor of fmt.Errorf (see k0sproject#227)

Signed-off-by: Natanael Copa <ncopa@mirantis.com>
Add users for kube-controller-manager, kube-scheduler and
konnectivity-server in footloose-alpine docker image so those process
runs as non-root.

Signed-off-by: Natanael Copa <ncopa@mirantis.com>
@ncopa ncopa force-pushed the fix-non-root-konnectivity branch from a00b7ec to 9f45eeb Compare November 17, 2020 16:44
@ncopa ncopa merged commit 86db2f6 into k0sproject:main Nov 18, 2020
@ncopa ncopa deleted the fix-non-root-konnectivity branch November 18, 2020 10:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants