Run Porch as non-root #4028

Merged
merged 2 commits into from
Aug 31, 2023

adetalhouet
Contributor

Create a porch user to run the porch-server as non-root.

@adetalhouet adetalhouet requested a review from a team as a code owner August 22, 2023 20:07
@google-cla
google-cla bot commented Aug 22, 2023

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@johnbelamaric
Contributor

/retest

@johnbelamaric
Contributor

@adetalhouet you probably need to make similar changes to the deployment manifests produced by the Porch build process as you did in the Nephio repo. The manifests in the Nephio repo are just a subset of the ones generated here.

Right now, e2e tests are failing, likely because the manifests used to install Porch here do not have those changes.

- Specify where the API certs should be stored, under a path not requiring root access.
- Customize the API server port to not use a non-privileged port as targetPort

Signed-off-by: Alexis de Talhouët <adetalhouet89@gmail.com>
@johnbelamaric
Contributor

cc @mortent @natasha41575

@natasha41575 natasha41575 left a comment

the change itself LGTM and I think it makes sense to do this, but I think we should make sure @mortent agrees before merging

@natasha41575 natasha41575 requested review from mortent and removed request for yuwenma August 29, 2023 19:59
@mortent mortent left a comment

Looks good. Thanks for the contribution @adetalhouet

@johnbelamaric johnbelamaric merged commit b0373c2 into kptdev:main Aug 31, 2023
15 checks passed
johnbelamaric pushed a commit to mortent/kpt that referenced this pull request Sep 18, 2023
* Run Porch as non-root

* Remove elevated permissions requirements

- Specify where the API certs should be stored, under a path not requiring root access.
- Customize the API server port to not use a non-privileged port as targetPort

Signed-off-by: Alexis de Talhouët <adetalhouet89@gmail.com>

---------

Signed-off-by: Alexis de Talhouët <adetalhouet89@gmail.com>