Revert "Update platform containers to use non-root users (#7872)"

This reverts commit ebcaf2b.
airbytehq · Dec 8, 2021 · 46da278 · 46da278
1 parent ebcaf2b
commit 46da278
Show file tree

Hide file tree

Showing 15 changed files with 14 additions and 36 deletions.
diff --git a/airbyte-scheduler/app/Dockerfile b/airbyte-scheduler/app/Dockerfile
@@ -3,15 +3,9 @@ FROM openjdk:${JDK_VERSION}-slim AS scheduler
 
 ENV APPLICATION airbyte-scheduler
 
-RUN groupadd --gid 1000 airbyte && \
-    useradd --uid 1000 --gid airbyte airbyte
-
 WORKDIR /app
 
 ADD bin/${APPLICATION}-0.33.5-alpha.tar /app
 
-# Set user to Airbyte, use numeric value for k8s runAsNonRoot PodSecurityPolicy
-USER 1000:1000
-
 # wait for upstream dependencies to become available before starting server
 ENTRYPOINT ["/bin/bash", "-c", "${APPLICATION}-0.33.5-alpha/bin/${APPLICATION}"]
diff --git a/airbyte-server/Dockerfile b/airbyte-server/Dockerfile
@@ -5,15 +5,9 @@ EXPOSE 8000
 
 ENV APPLICATION airbyte-server
 
-RUN groupadd --gid 1000 airbyte && \
-    useradd --uid 1000 --gid airbyte airbyte
-
 WORKDIR /app
 
 ADD bin/${APPLICATION}-0.33.5-alpha.tar /app
 
-# Set user to Airbyte, use numeric value for k8s runAsNonRoot PodSecurityPolicy
-USER 1000:1000
-
 # wait for upstream dependencies to become available before starting server
 ENTRYPOINT ["/bin/bash", "-c", "${APPLICATION}-0.33.5-alpha/bin/${APPLICATION}"]
diff --git a/airbyte-webapp/Dockerfile b/airbyte-webapp/Dockerfile
@@ -1,6 +1,6 @@
-FROM nginxinc/nginx-unprivileged:1.19-alpine as webapp
+FROM nginx:1.19-alpine as webapp
 
-EXPOSE 8080
+EXPOSE 80
 
 COPY bin/build /usr/share/nginx/html
 COPY bin/docs /usr/share/nginx/html/docs

diff --git a/airbyte-webapp/nginx/default.conf.template b/airbyte-webapp/nginx/default.conf.template
@@ -3,8 +3,8 @@ upstream api-server {
 }
 
 server {
-    listen       8080;
-    listen  [::]:8080;
+    listen       80;
+    listen  [::]:80;
     server_name  localhost;
 
     #charset koi8-r;

diff --git a/airbyte-workers/Dockerfile b/airbyte-workers/Dockerfile
@@ -3,9 +3,6 @@ FROM openjdk:${JDK_VERSION}-slim AS worker
 
 ARG DOCKER_BUILD_ARCH=amd64
 
-RUN groupadd --gid 1000 airbyte && \
-    useradd --uid 1000 --gid airbyte airbyte
-
 # Install Docker to launch worker images. Eventually should be replaced with Docker-java.
 # See https://gitter.im/docker-java/docker-java?at=5f3eb87ba8c1780176603f4e for more information on why we are not currently using Docker-java
 RUN apt-get update && apt-get install -y \
@@ -28,8 +25,5 @@ WORKDIR /app
 # Move worker app
 ADD bin/${APPLICATION}-0.33.5-alpha.tar /app
 
-# Set user to Airbyte, use numeric value for k8s runAsNonRoot PodSecurityPolicy
-USER 1000:1000
-
 # wait for upstream dependencies to become available before starting server
 ENTRYPOINT ["/bin/bash", "-c", "${APPLICATION}-0.33.5-alpha/bin/${APPLICATION}"]
diff --git a/charts/airbyte/templates/webapp/deployment.yaml b/charts/airbyte/templates/webapp/deployment.yaml
@@ -65,7 +65,7 @@ spec:
         {{- end }}
         ports:
         - name: http
-          containerPort: 8080
+          containerPort: 80
           protocol: TCP
         {{- if .Values.webapp.resources }}
         resources: {{- toYaml .Values.webapp.resources | nindent 10 }}

diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -164,7 +164,7 @@ services:
     container_name: airbyte-webapp
     restart: unless-stopped
     ports:
-      - 8000:8080
+      - 8000:80
     environment:
       - AIRBYTE_ROLE=${AIRBYTE_ROLE:-}
       - AIRBYTE_VERSION=${VERSION}

diff --git a/docs/contributing-to-airbyte/developing-on-kubernetes.md b/docs/contributing-to-airbyte/developing-on-kubernetes.md
@@ -14,7 +14,7 @@ If you're developing locally using Minikube/Docker Desktop/Kind, you can iterate
 ./gradlew build # build dev images
 kubectl delete -k kube/overlays/dev # optional (allows you to recreate resources from scratch)
 kubectl apply -k kube/overlays/dev # applies manifests
-kubectl port-forward svc/airbyte-webapp-svc 8000:8080 # port forward the api/ui
+kubectl port-forward svc/airbyte-webapp-svc 8000:80 # port forward the api/ui
 ```
 
 ## Iteration Cycle \(on GKE\)

diff --git a/docs/deploying-airbyte/on-kubernetes.md b/docs/deploying-airbyte/on-kubernetes.md
@@ -132,7 +132,7 @@ kubectl apply -k kube/overlays/stable
 
 After 2-5 minutes, `kubectl get pods | grep airbyte` should show `Running` as the status for all the core Airbyte pods. This may take longer on Kubernetes clusters with slow internet connections.
 
-Run `kubectl port-forward svc/airbyte-webapp-svc 8000:8080` to allow access to the UI/API.
+Run `kubectl port-forward svc/airbyte-webapp-svc 8000:80` to allow access to the UI/API.
 
 Now visit [http://localhost:8000](http://localhost:8000) in your browser and start moving some data!
 

diff --git a/docs/operator-guides/upgrading-airbyte.md b/docs/operator-guides/upgrading-airbyte.md
@@ -77,7 +77,7 @@ If you are upgrading from \(i.e. your current version of Airbyte is\) Airbyte ve
 
    After 2-5 minutes, `kubectl get pods | grep airbyte` should show `Running` as the status for all the core Airbyte pods. This may take longer on Kubernetes clusters with slow internet connections.
 
-   Run `kubectl port-forward svc/airbyte-webapp-svc 8000:8080` to allow access to the UI/API.
+   Run `kubectl port-forward svc/airbyte-webapp-svc 8000:80` to allow access to the UI/API.
 
 ## Upgrading on K8s \(0.26.4-alpha and below\)
 

diff --git a/kube/overlays/dev-integration-test/.env b/kube/overlays/dev-integration-test/.env
@@ -27,7 +27,7 @@ SUBMITTER_NUM_THREADS=10
 
 # Miscellaneous
 TRACKING_STRATEGY=logging
-WEBAPP_URL=airbyte-webapp-svc:8080
+WEBAPP_URL=airbyte-webapp-svc:80
 API_URL=/api/v1/
 INTERNAL_API_HOST=airbyte-server-svc:8001
 

diff --git a/kube/overlays/dev/.env b/kube/overlays/dev/.env
@@ -29,7 +29,7 @@ SUBMITTER_NUM_THREADS=10
 
 # Miscellaneous
 TRACKING_STRATEGY=logging
-WEBAPP_URL=airbyte-webapp-svc:8080
+WEBAPP_URL=airbyte-webapp-svc:80
 API_URL=/api/v1/
 INTERNAL_API_HOST=airbyte-server-svc:8001
 

diff --git a/kube/overlays/stable-with-resource-limits/.env b/kube/overlays/stable-with-resource-limits/.env
@@ -29,7 +29,7 @@ SUBMITTER_NUM_THREADS=10
 
 # Miscellaneous
 TRACKING_STRATEGY=segment
-WEBAPP_URL=airbyte-webapp-svc:8080
+WEBAPP_URL=airbyte-webapp-svc:80
 API_URL=/api/v1/
 INTERNAL_API_HOST=airbyte-server-svc:8001
 

diff --git a/kube/overlays/stable/.env b/kube/overlays/stable/.env
@@ -29,7 +29,7 @@ SUBMITTER_NUM_THREADS=10
 
 # Miscellaneous
 TRACKING_STRATEGY=segment
-WEBAPP_URL=airbyte-webapp-svc:8080
+WEBAPP_URL=airbyte-webapp-svc:80
 API_URL=/api/v1/
 INTERNAL_API_HOST=airbyte-server-svc:8001
 

diff --git a/kube/resources/webapp.yaml b/kube/resources/webapp.yaml
@@ -6,9 +6,7 @@ spec:
   type: NodePort
   ports:
     - port: 80
-      targetPort: http
       protocol: TCP
-      name: http
   selector:
     airbyte: webapp
 ---
@@ -61,6 +59,4 @@ spec:
                   name: airbyte-env
                   key: INTERNAL_API_HOST
           ports:
-            - name: http
-              containerPort: 8080
-              protocol: TCP
+            - containerPort: 80