Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: run image as node user #81

Merged
merged 4 commits into from
May 14, 2019
Merged

chore: run image as node user #81

merged 4 commits into from
May 14, 2019

Conversation

jbdelpech
Copy link
Contributor

@jbdelpech jbdelpech commented Apr 16, 2019
edited
Loading

Run elastalert image as unpriviledged user, kubernetes compatible.
BTW, add a default empty dir in /opt/elastalert/rules.

If you have custom mounted volumes : it represents a BREAKING CHANGE for all images currently running as root in your cluster.

Before upgrading to this image : change your directory rights to 1000:1000 (or node:node into old elastalert image).

Feel free to test it, I packaged it from bitsensor/elastalert:2.0.1 with the changes of this PR : solocal/elastalert:2.0.3

Do not use it in production, this image will be removed soon.

@martijnrondeel
Merge branch 'develop' into 'master'
808030b 
Develop

See merge request bitsensor/back-end/elastalert!35
@martijnrondeel
Merge branch 'develop' into 'master'
c4bff24 
Develop

See merge request bitsensor/back-end/elastalert!36
@martijnrondeel
Update LICENSE.md
d7253d5
jBouyoud
jBouyoud reviewed May 13, 2019
View reviewed changes
Dockerfile Outdated
@@ -45,5 +45,12 @@ COPY config/config.json config/config.json
COPY rule_templates/ /opt/elastalert/rule_templates
COPY elastalert_modules/ /opt/elastalert/elastalert_modules

# Add default rules directory
# Set permission as unpriviledged user (1000:1000), compatible with Kubernetes
RUN mkdir -p /opt/elastalert/rules/ \
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test folder seems to be missing : /opt/elastalert/server_data/tests/

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your feedback !

I fixed it !

@martijnrondeel Are you interested by this change ?

@jbdelpech
chore: run image as node user
eb0d53e 
Run elastalert image as unpriviledged user
@martijnrondeel martijnrondeel changed the base branch from master to develop May 14, 2019 09:08
@bitsensor-bot bitsensor-bot merged commit eb0d53e into bitsensor:develop May 14, 2019
@martijnrondeel
Copy link
Contributor

Thank you for this merge request @jbdelpech 👍, it will be in the next beta release.

@martijnrondeel
Copy link
Contributor

martijnrondeel commented May 14, 2019
edited
Loading

This is available now in 3.0.0-beta.0.

@jbdelpech jbdelpech deleted the run-image-as-unpriviledge-user branch March 7, 2021 18:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jBouyoud jBouyoud jBouyoud left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jbdelpech @martijnrondeel @jBouyoud @bitsensor-bot