Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

✨ Run task pod as AnyUser. #755

Merged
merged 1 commit into from
Oct 10, 2024
Merged

Conversation

jortel
Copy link
Contributor

@jortel jortel commented Oct 9, 2024

To support running the task pods as AnyUser instead of root:

  • The task manager needs to no longer RunAs user root.
  • The /addon directory needs to be an EmptyDir. This is because the addon-analyzer Dockerfile cannot create the /addon directory as owned by the AnyUser.

Signed-off-by: Jeff Ortel <jortel@redhat.com>
@dymurray dymurray added the cherry-pick/release-0.5 This PR should be cherry-picked to release-0.5 branch. label Oct 10, 2024
Copy link
Collaborator

@mansam mansam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jmontleon
Copy link
Member

ACK, tested and worked:

$ oc exec -it task-19-27t2h -c java -- ls -ld /addon
drwxrwsrwx. 7 root 1000830000 120 Oct 10 18:37 /addon

@jmontleon jmontleon merged commit 8769075 into konveyor:main Oct 10, 2024
16 checks passed
github-actions bot pushed a commit that referenced this pull request Oct 10, 2024
To support running the task pods as _AnyUser_ instead of root:
- The task manager needs to no longer RunAs user root.
- The /addon directory needs to be an _EmptyDir_. This is because the
addon-analyzer Dockerfile cannot create the /addon directory as owned by
the _AnyUser_.

Signed-off-by: Jeff Ortel <jortel@redhat.com>
Signed-off-by: Cherry Picker <noreply@github.com>
dymurray pushed a commit that referenced this pull request Oct 11, 2024
To support running the task pods as _AnyUser_ instead of root:
- The task manager needs to no longer RunAs user root.
- The /addon directory needs to be an _EmptyDir_. This is because the
addon-analyzer Dockerfile cannot create the /addon directory as owned by
the _AnyUser_.

Signed-off-by: Jeff Ortel <jortel@redhat.com>
dymurray pushed a commit that referenced this pull request Oct 11, 2024
To support running the task pods as _AnyUser_ instead of root:
- The task manager needs to no longer RunAs user root.
- The /addon directory needs to be an _EmptyDir_. This is because the
addon-analyzer Dockerfile cannot create the /addon directory as owned by
the _AnyUser_.

Signed-off-by: Jeff Ortel <jortel@redhat.com>
(cherry picked from commit 8769075)
dymurray pushed a commit that referenced this pull request Oct 11, 2024
To support running the task pods as _AnyUser_ instead of root:
- The task manager needs to no longer RunAs user root.
- The /addon directory needs to be an _EmptyDir_. This is because the
addon-analyzer Dockerfile cannot create the /addon directory as owned by
the _AnyUser_.

Signed-off-by: Jeff Ortel <jortel@redhat.com>
(cherry picked from commit 8769075)
dymurray added a commit that referenced this pull request Oct 11, 2024
To support running the task pods as _AnyUser_ instead of root:
- The task manager needs to no longer RunAs user root.
- The /addon directory needs to be an _EmptyDir_. This is because the
addon-analyzer Dockerfile cannot create the /addon directory as owned by
the _AnyUser_.

Signed-off-by: Jeff Ortel <jortel@redhat.com>
(cherry picked from commit 8769075)

Co-authored-by: Jeff Ortel <jortel@redhat.com>
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
cherry-pick/release-0.5 This PR should be cherry-picked to release-0.5 branch.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants