Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

✨ Run task pod as AnyUser. #755

Merged
merged 1 commit into from
Oct 10, 2024
Merged

✨ Run task pod as AnyUser. #755

merged 1 commit into from
Oct 10, 2024

Conversation

jortel
Copy link
Contributor

@jortel jortel commented Oct 9, 2024
edited
Loading

To support running the task pods as AnyUser instead of root:

  • The task manager needs to no longer RunAs user root.
  • The /addon directory needs to be an EmptyDir. This is because the addon-analyzer Dockerfile cannot create the /addon directory as owned by the AnyUser.

@jortel
✨ Mount /addon as emptydir; run task pod AsUser root removed.
2b4b33c 
Signed-off-by: Jeff Ortel <jortel@redhat.com>
@dymurray dymurray added the cherry-pick/release-0.5 This PR should be cherry-picked to release-0.5 branch. label Oct 10, 2024
mansam
mansam approved these changes Oct 10, 2024
View reviewed changes
Copy link
Collaborator

@mansam mansam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jmontleon
Copy link
Member

ACK, tested and worked:

$ oc exec -it task-19-27t2h -c java -- ls -ld /addon
drwxrwsrwx. 7 root 1000830000 120 Oct 10 18:37 /addon

@jmontleon jmontleon merged commit 8769075 into konveyor:main Oct 10, 2024
16 checks passed
github-actions bot pushed a commit that referenced this pull request Oct 10, 2024
@jortel @web-flow
✨ Run task pod as AnyUser. (#755)
6e7f1dd 
To support running the task pods as _AnyUser_ instead of root:
- The task manager needs to no longer RunAs user root.
- The /addon directory needs to be an _EmptyDir_. This is because the
addon-analyzer Dockerfile cannot create the /addon directory as owned by
the _AnyUser_.

Signed-off-by: Jeff Ortel <jortel@redhat.com>
Signed-off-by: Cherry Picker <noreply@github.com>
dymurray pushed a commit that referenced this pull request Oct 11, 2024
@jortel @dymurray
✨ Run task pod as AnyUser. (#755)
d8211f6 
To support running the task pods as _AnyUser_ instead of root:
- The task manager needs to no longer RunAs user root.
- The /addon directory needs to be an _EmptyDir_. This is because the
addon-analyzer Dockerfile cannot create the /addon directory as owned by
the _AnyUser_.

Signed-off-by: Jeff Ortel <jortel@redhat.com>
dymurray pushed a commit that referenced this pull request Oct 11, 2024
@jortel @dymurray
✨ Run task pod as AnyUser. (#755)
b81a4ff 
To support running the task pods as _AnyUser_ instead of root:
- The task manager needs to no longer RunAs user root.
- The /addon directory needs to be an _EmptyDir_. This is because the
addon-analyzer Dockerfile cannot create the /addon directory as owned by
the _AnyUser_.

Signed-off-by: Jeff Ortel <jortel@redhat.com>
(cherry picked from commit 8769075)
dymurray pushed a commit that referenced this pull request Oct 11, 2024
@jortel @dymurray
✨ Run task pod as AnyUser. (#755)
15d225c 
To support running the task pods as _AnyUser_ instead of root:
- The task manager needs to no longer RunAs user root.
- The /addon directory needs to be an _EmptyDir_. This is because the
addon-analyzer Dockerfile cannot create the /addon directory as owned by
the _AnyUser_.

Signed-off-by: Jeff Ortel <jortel@redhat.com>
(cherry picked from commit 8769075)
dymurray added a commit that referenced this pull request Oct 11, 2024
@dymurray @jortel
✨ Run task pod as AnyUser. (#755) (#758)
4b34670 
To support running the task pods as _AnyUser_ instead of root:
- The task manager needs to no longer RunAs user root.
- The /addon directory needs to be an _EmptyDir_. This is because the
addon-analyzer Dockerfile cannot create the /addon directory as owned by
the _AnyUser_.

Signed-off-by: Jeff Ortel <jortel@redhat.com>
(cherry picked from commit 8769075)

Co-authored-by: Jeff Ortel <jortel@redhat.com>
This was referenced Oct 24, 2024
Merged
Merged
This was referenced Jan 10, 2025
Merged
Merged
This was referenced Jan 23, 2025
Merged
Merged
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@mansam mansam mansam approved these changes

@jmontleon jmontleon jmontleon approved these changes

Assignees
No one assigned
Labels
cherry-pick/release-0.5 This PR should be cherry-picked to release-0.5 branch.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jortel @jmontleon @mansam @dymurray