-
Notifications
You must be signed in to change notification settings - Fork 226
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Run Porch as non-root #4028
Run Porch as non-root #4028
Conversation
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
/retest |
@adetalhouet you probably need to make similar changes to the deployment manifests produced by the Porch build process as you did in the Nephio repo. The manifests in the Nephio repo are just a subset of the ones generated here. Right now, e2e tests are failing, likely because the manifests used to install Porch here do not have those changes. |
- Specify where the api certs should be stored, under a path not required root access. - Customize the api server port to not use a non-priviledge port as targetPort Signed-off-by: Alexis de Talhouët <adetalhouet89@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the change itself LGTM and I think it makes sense to do this, but I think we should make sure @mortent agrees before merging
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. Thanks for the contribution @adetalhouet
* Run Porch as non-root * Remove elevated permissions requirements - Specify where the api certs should be stored, under a path not required root access. - Customize the api server port to not use a non-priviledge port as targetPort Signed-off-by: Alexis de Talhouët <adetalhouet89@gmail.com> --------- Signed-off-by: Alexis de Talhouët <adetalhouet89@gmail.com>
Create a
porch
user to run the porch-server as non-root.