control-service: run data job as non-root user (#710)
Currently data job docker container is run as root user. This is not considered best practice (https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user) And in environment where root is forbidden it won't work.

For example the job would fail if data job kubernetes pod is set to run as specific user e.g using:

```
securityContext:
  fsGroup: 1000
  runAsGroup: 1000
  runAsUser: 1000
```

We are making sure that when building the data job we are setting up permissions and users and starting the docker container with new user.

The UID and GID can be passed as argument during docker build but that is not currently exposed to operators when deploying jobs. So the UID/GID is currently required to be 1000

Testing Done: deployed locally job with runAsUser securityContext (as above) and the job succeeded. The integration test would verify end to end as well.

Signed-off-by: Antoni Ivanov <aivanov@vmware.com>
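A pre-deploy check for the constraint described in the commit message, as an added example that is not part of the commit or the project's code: it merges pod- and container-level securityContext the way Kubernetes does and flags settings that conflict with an image built for UID/GID 1000. The function names, the finding strings and the sample pod are constructed for illustration, and it assumes the image's files are owned by that UID/GID.

```python
# Added example (not from the commit). 1000/1000 comes from the commit
# message; everything else here is an illustrative assumption.
IMAGE_UID, IMAGE_GID = 1000, 1000

# Constructed sample: the pod-level context matches the commit message's
# example, but one container overrides runAsUser back to root.
SAMPLE_POD = {
    "securityContext": {"fsGroup": 1000, "runAsGroup": 1000, "runAsUser": 1000},
    "containers": [
        {"name": "data-job"},
        {"name": "sidecar", "securityContext": {"runAsUser": 0}},
    ],
}

def effective_context(pod_spec, container):
    """Container-level runAsUser/runAsGroup/runAsNonRoot override the
    pod-level values, as Kubernetes resolves them."""
    pod_sc = pod_spec.get("securityContext") or {}
    ctr_sc = container.get("securityContext") or {}
    merged = {}
    for key in ("runAsUser", "runAsGroup", "runAsNonRoot"):
        if key in ctr_sc:
            merged[key] = ctr_sc[key]
        elif key in pod_sc:
            merged[key] = pod_sc[key]
    return merged

def check_pod(pod_spec, uid=IMAGE_UID, gid=IMAGE_GID):
    """Return (container_name, finding) tuples; an empty list means OK."""
    findings = []
    for ctr in pod_spec.get("containers", []):
        sc = effective_context(pod_spec, ctr)
        name = ctr.get("name", "<unnamed>")
        run_as = sc.get("runAsUser")
        if run_as == 0:
            findings.append((name, "runAsUser is 0 (root)"))
        elif run_as is not None and run_as != uid:
            findings.append((name, f"runAsUser {run_as} != image UID {uid}"))
        if sc.get("runAsGroup") not in (None, gid):
            findings.append((name, f"runAsGroup {sc['runAsGroup']} != image GID {gid}"))
        if run_as is None and not sc.get("runAsNonRoot"):
            findings.append((name, "no runAsUser or runAsNonRoot; relies on image USER"))
    return findings

if __name__ == "__main__":
    for name, finding in check_pod(SAMPLE_POD):
        print(f"{name}: {finding}")
```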
1 parent 36b28c1, commit 0ff5930

Showing 6 changed files with 27 additions and 7 deletions.
2 changes: 1 addition & 1 deletion
projects/control-service/projects/job-builder-rootless/version.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
1.3.0dev2 | ||
1.3.1dev2 |
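
Review bot: the bump from 1.3.0dev2 to 1.3.1dev2 in job-builder-rootless/version.txt is a patch-level increment, yet the commit message describes a change operators will notice: the data job container now starts as a non-root user and the UID/GID is required to be 1000. Consider recording that constraint in the release notes or a changelog entry tied to 1.3.1dev2, so that deployments setting a different runAsUser can tell which builder version introduced it.
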
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
1.2.2 | ||
1.2.3 |