-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Running docker containers as non-root user #415
Conversation
My only concern here is around glog attempting to write a log file to disk (which we don't want it to do anyway, but I know it sometimes does bad things, because glog is bad 🙃) /ok-to-test |
That's a good point, I didn't test myself with logfiles enabled so that might fail. |
/retest |
@munnerz By default, glog logs in If a user configures the log-dir away from default, it seems reasonable to also expect them to correctly permission it. |
/retest |
1 similar comment
/retest |
What's up with your 1.9 environment? |
/test e2e v1.9 |
We were hitting some issues relating to Helm timeouts (see #429) /lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: munnerz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest |
What this PR does / why we need it:
I've added a user to the controller and ingress-shim Dockerfiles. The processes don't need root access so I figured I might as well limit it.