Closed kauana closed 1 week ago
/assign
@kauana I would like to work on this issue. Where can I get started?
Hello @karthikmurali60, thank you for picking this up! Basically we want to update the knative-sample images from here to run as non-root, so one way is to configure the sample images' Dockerfile (Dockerfile example for helloworld-go) to run as a non-root user.
Hi everyone, I would like to work on this issue.
Are you still working on it, @karthikmurali60?
@prushh yeah, I am working on it
@kauana can you please review the linked PR - https://github.com/knative/docs/pull/5758 ??
Thank you for the PR! I'm looking at it :)
This issue is stale because it has been open for 90 days with no activity. It will automatically close after 30 more days of inactivity. Reopen the issue with /reopen. Mark the issue as fresh by adding the comment /remove-lifecycle stale.
/remove-lifecycle stale
/unassign karthikmurali60
@kauana Does this issue still need some work? I am interested.
Yes it does, check out https://github.com/knative/docs/pull/5794. There are still open tasks to be resolved, but your work could be started from that.
/area build
/kind good-first-issue
Context
Related issues: #14029 / #14168
As part of the effort to enable secure-pod-defaults by default, we must ensure that all knative-sample images run as non-root. This will ensure that if we decide to enable this feature, it won't disrupt installations for folks doing demos, tests, talks, etc. (note that once this feature is activated, all images will be mandated to run as non-root)
What
Ensure that all images used as knative samples are running as non-root. Please see Knative Serving code samples for a list of all images currently used as samples.
We should also highlight this change in the release notes. This will keep the community informed and allow us to collect feedback to determine if activating secure-pod-defaults by default is indeed the way to go.
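One way to audit the sample Dockerfiles for the requirement above, as an added example that is not part of the issue or of the Knative repositories: a static check that reports which `USER` is in effect at the end of the final build stage. The function names and the sample Dockerfile are constructed for illustration, and an external base image is assumed to leave the user unset because its configuration is not visible to the check.

```python
def instructions(text):
    """Yield Dockerfile instructions: comments dropped, '\\' continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield (buf + line).split()
        buf = ""

def final_user(text):
    """Return the USER in effect at the end of the last stage, or None if never set."""
    stages, names, user, count = {}, [], None, 0
    for parts in instructions(text):
        op = parts[0].upper()
        if op == "FROM":
            stages.update({n: user for n in names})  # close the previous stage
            args = [p for p in parts[1:] if not p.startswith("--")]
            names = [str(count)]
            if len(args) >= 3 and args[1].upper() == "AS":
                names.append(args[2].lower())
            count += 1
            # Inherit USER from an earlier stage; an external image counts as unset.
            user = stages.get(args[0].lower())
        elif op == "USER" and len(parts) > 1:
            user = parts[1]
    return user

def verdict(text):
    user = final_user(text)
    if user is None:
        return "unset"      # runs as whatever the base image defaults to
    name = user.split(":")[0]
    if name.startswith("$"):
        return "unknown"    # build-arg value, not resolvable statically
    is_root = name == "root" or (name.isdigit() and int(name) == 0)
    return "root" if is_root else "nonroot"

# Constructed sample, not one of the Knative sample Dockerfiles.
BEFORE = r"""FROM golang:1.22 AS builder
USER 1000
RUN go build \
    -o /app .
FROM alpine:3.19
ENTRYPOINT ["/app"]"""
AFTER = BEFORE.replace("ENTRYPOINT", "USER 65532:65532\nENTRYPOINT")
```

`verdict(BEFORE)` is `"unset"` even though the builder stage sets a user, because `USER` does not carry across an unrelated `FROM`. A numeric UID is the safer fix, since Kubernetes can only verify `runAsNonRoot` against a numeric image user.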