Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow the Operator to run as non-root. #228

Merged
merged 2 commits into from
Jan 29, 2020
Merged

Allow the Operator to run as non-root. #228

merged 2 commits into from
Jan 29, 2020

Conversation

logdnalf
Copy link
Contributor

Fixes # 227

Changes proposed on the PR:

  • Add a proper security context to the Redis Operator.

Without a proper security context, the Operator Pod fails to start up
with the following error in Kubernetes 1.13+:

Error: container has runAsNonRoot and image will run as root

Without a proper security context, the Operator Pod fails to start up
with the following error in Kubernetes 1.13+:

```
Error: container has runAsNonRoot and image will run as root
```
@logdnalf
Copy link
Contributor Author

@ese and @chusAlvarez ping?

@ese
Copy link
Member

ese commented Jan 28, 2020

Thanks so much, @logdnalf. Would you mind to set a user for the docker image itself so every run of the production image will be run as user instead of root despite you are setting security policies in the pod.
Anyways I will be merging this tomorrow :)

@logdnalf
Copy link
Contributor Author

@ese I don't understand, the docker/development/Dockerfile already as a USER rf directive and all the logistics to create the rf user with UID/GID 1000. What am I missing here?

@ese
Copy link
Member

ese commented Jan 29, 2020

@ese I don't understand, the docker/development/Dockerfile already as a USER rf directive and all the logistics to create the rf user with UID/GID 1000. What am I missing here?

That is a docker image for development purpose but the one we are publishing as production image in releases is this one https://github.com/spotahome/redis-operator/blob/master/docker/app/Dockerfile#L7

@logdnalf
Copy link
Contributor Author

@ese I've also added the Dockerfile changes you requested. May you take another look?

@logdnalf logdnalf requested a review from ese January 29, 2020 12:54
Copy link
Contributor

@chusAlvarez chusAlvarez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👏 👏 👏 👏 👏

@chusAlvarez chusAlvarez merged commit e9c5dea into spotahome:master Jan 29, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants