Skip to content

Commit

Permalink
Use port higher than 1024 to be able to run as a non-root user (#960)
Browse files Browse the repository at this point in the history
  • Loading branch information
@vpavlin @k8s-ci-robot
vpavlin authored and k8s-ci-robot committed Dec 13, 2019
1 parent 82e0cd6 commit 61e5188
Show file tree
Hide file tree
Showing 5 changed files with 10 additions and 4 deletions.
1 change: 1 addition & 0 deletions cmd/katib-controller/v1alpha3/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,4 +18,5 @@ FROM alpine:3.7
WORKDIR /app
RUN apk update && apk add ca-certificates
COPY --from=build-env /go/src/github.com/kubeflow/katib/cmd/katib-controller/katib-controller .
USER 1000
ENTRYPOINT ["./katib-controller"]
4 changes: 3 additions & 1 deletion cmd/katib-controller/v1alpha3/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,10 +39,12 @@ func main() {

var experimentSuggestionName string
var metricsAddr string
var webhookPort int

flag.StringVar(&experimentSuggestionName, "experiment-suggestion-name",
"default", "The implementation of suggestion interface in experiment controller (default|fake)")
flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.")
flag.IntVar(&webhookPort, "webhook-port", 8443, "The port number to be used for admission webhook server.")

flag.Parse()

Expand Down Expand Up @@ -83,7 +85,7 @@ func main() {
}

log.Info("Setting up webhooks")
if err := webhook.AddToManager(mgr); err != nil {
if err := webhook.AddToManager(mgr, int32(webhookPort)); err != nil {
log.Error(err, "unable to register webhooks to the manager")
os.Exit(1)
}
Expand Down
4 changes: 3 additions & 1 deletion manifests/v1alpha3/katib-controller/katib-controller.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,10 @@ spec:
image: gcr.io/kubeflow-images-public/katib/v1alpha3/katib-controller
imagePullPolicy: IfNotPresent
command: ["./katib-controller"]
args:
- '--webhook-port=8443'
ports:
- containerPort: 443
- containerPort: 8443
name: webhook
protocol: TCP
- containerPort: 8080
Expand Down
2 changes: 1 addition & 1 deletion manifests/v1alpha3/katib-controller/service.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ spec:
ports:
- port: 443
protocol: TCP
targetPort: 443
targetPort: 8443
name: webhook
- name: metrics
port: 8080
Expand Down
3 changes: 2 additions & 1 deletion pkg/webhook/v1alpha3/webhook.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ const (
katibControllerName = "katib-controller"
)

func AddToManager(m manager.Manager) error {
func AddToManager(m manager.Manager, port int32) error {
server, err := webhook.NewServer("katib-admission-server", m, webhook.ServerOptions{
CertDir: "/tmp/cert",
BootstrapOptions: &webhook.BootstrapOptions{
Expand All @@ -53,6 +53,7 @@ func AddToManager(m manager.Manager) error {
ValidatingWebhookConfigName: "katib-validating-webhook-config",
MutatingWebhookConfigName: "katib-mutating-webhook-config",
},
Port: port,
})
if err != nil {
return err
Expand Down

0 comments on commit 61e5188

Please sign in to comment.