You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently all files needed to run gateway image are owned by root user.
Also the mission-control package is unpacked into /root directory.
This setup makes it impossible to run gateway image on k8s clusters with tight security restrictions like:
containers cannot be run as root ( non root user cannot create config file in /app dir and access mission-control files)
container don't have access to internet (container cannot download mission-control after failing to read one in root dir)
How can we solve it?
To overcome this, dedicated user should be created in the dockerfile and set as default user in the container. This user should own all the files and directories needed to run the application.
Happy to issue a PR if this gets and OK. Such improvement could improve and adoption of space cloud as most enterprise k8s clusters (and OpenShift by default) have such security requirements in place.
The text was updated successfully, but these errors were encountered:
The problem faced currently?
Currently all files needed to run gateway image are owned by root user.
Also the mission-control package is unpacked into /root directory.
This setup makes it impossible to run gateway image on k8s clusters with tight security restrictions like:
How can we solve it?
To overcome this, dedicated user should be created in the dockerfile and set as default user in the container. This user should own all the files and directories needed to run the application.
Happy to issue a PR if this gets and OK. Such improvement could improve and adoption of space cloud as most enterprise k8s clusters (and OpenShift by default) have such security requirements in place.
The text was updated successfully, but these errors were encountered: