Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't run image as root #466

Closed
eatwithforks opened this issue Dec 9, 2020 · 8 comments · Fixed by #496
Closed

Don't run image as root #466

eatwithforks opened this issue Dec 9, 2020 · 8 comments · Fixed by #496
Assignees
@seanmalloy
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@eatwithforks
Copy link
Contributor

Needs USER 1000 in Dockerfile so I can put in securityContext runAsNonRoot: true
@eatwithforks eatwithforks added the kind/feature Categorizes issue or PR as related to a new feature. label Dec 9, 2020
@seanmalloy
Copy link
Member

@eatwithforks thanks for reporting this issue. Would you be willing to submit a PR updating Dockerfile.dev and Dockerfile with the required changes?

/kind bug
/remove-kind feature

@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. and removed kind/feature Categorizes issue or PR as related to a new feature. labels Dec 10, 2020
@eatwithforks
Copy link
Contributor Author

#468

@seanmalloy
Copy link
Member

Now that the container image is setup to allow not running as root I'd like to make sure we have the YAML manifests in the kubernetes directory and the helm chart setup properly to also not run as root.

I can take care of this if others do not have time.

/reopen

@k8s-ci-robot
Copy link
Contributor

@seanmalloy: Reopened this issue.

In response to this:

Now that the container image is setup to allow not running as root I'd like to make sure we have the YAML manifests in the kubernetes directory and the helm chart setup properly to also not run as root.

I can take care of this if others do not have time.

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot reopened this Dec 17, 2020
@seanmalloy
Copy link
Member

/assign

This was referenced Feb 10, 2021
Merged
Merged
@perosb
Copy link

perosb commented Feb 17, 2021
edited
Loading

I could not run latest master using the yaml files:
Error: container has runAsNonRoot and image will run as root

Assume its missing user in Dockerfile for the built v0.20.0 image.
Adding the below makes it work tho.

securityContext:
  runAsUser: 1000

@seanmalloy
Copy link
Member

I could not run latest master using the yaml files:
Error: container has runAsNonRoot and image will run as root

Assume its missing user in Dockerfile for the built v0.20.0 image.
Adding the below makes it work tho.

securityContext:
  runAsUser: 1000

The descheduler v0.20.0 image is setup to run as root. The yaml manifests in the kubernetes directory on the master branch work with the latest development build of the descheduler.

Use the yaml manifests from the release-1.20 branch to install descheduler v0.20.0.

Thanks.

@seanmalloy
Copy link
Member

Running the descheduler container as non-root should work with the upcoming v0.21.0 release.

@damemi damemi mentioned this issue Mar 25, 2021
Closed
@pravarag pravarag mentioned this issue Mar 27, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@seanmalloy seanmalloy

Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update Helm Chart to run as non-root KohlsTechnology/descheduler
4 participants
@seanmalloy @perosb @eatwithforks @k8s-ci-robot