Few things I noticed about k8s docs that probably needs to be reviewed/updated.
https://www.krakend.io/docs/deploying/kubernetes/ states that UID 1000 needs to be used. However, the docker build guideline does not set the user. I think we should add the appropriate USER to the Dockerfile. Otherwise with a k8s PSA of restricted the container runs into permission errors.
FROM devopsfaith/krakend:2.3.2 as builder
ARG ENV=prod
USER 1000
.
.
.
Next, NET_BIND_SERVICE is only needed if ports <1024 are used. I think with security in mind, I think that privilege needs to be dropped.
Hi,
Few things I noticed about k8s docs that probably needs to be reviewed/updated.
https://www.krakend.io/docs/deploying/kubernetes/ states that UID 1000 needs to be used. However, the docker build guideline does not set the user. I think we should add the appropriate USER to the Dockerfile. Otherwise with a k8s PSA of
restrictedthe container runs into permission errors.Next,
NET_BIND_SERVICEis only needed if ports <1024 are used. I think with security in mind, I think that privilege needs to be dropped.Thanks.