-
Notifications
You must be signed in to change notification settings - Fork 173
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use UID and GID for USER in Dockerfile #1922
Conversation
Solves issue #1921. On clusters that strictly enforce no root containers via an Admission Controller, they can't determine that a named user isn't 0 in the container. This changes the container to identify the USER by UID and GID so the admission controller can allow this through. Chainguard documents the UID and GID of nonroot https://edu.chainguard.dev/chainguard/chainguard-images/reference/static/overview/#users
✅ Deploy Preview for zarf-docs canceled.
|
Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm (approving after main merge)
Thank you! If I understand right, looks like you folks as the vendor are also owners on the Repo1 equivalent so I'll make the connection. https://repo1.dso.mil/dsop/opensource/defenseunicorns/zarf/zarf-agent/-/issues/39 |
Description
On clusters that strictly enforce no root containers via an Admission Controller, they can't determine that a named user isn't 0 in the container. This changes the container to identify the USER by UID and GID so the admission controller can allow this through.
Chainguard documents the UID and GID of nonroot https://edu.chainguard.dev/chainguard/chainguard-images/reference/static/overview/#users
Related Issue
Fixes #1921
Type of change
Checklist before merging