Set numeric user to comply runAsNonRoot k8s policy

mdawar / rq-exporter

Prometheus metrics exporter for Python RQ (Redis Queue).

MIT License

65 stars 28 forks source link

Set numeric user to comply runAsNonRoot k8s policy #21

Closed aleksandr-vin closed 2 years ago

aleksandr-vin commented 2 years ago

When in k8s, container has runAsNonRoot policy and image has non-numeric user (exporter), then the deployment will fail as it cannot verify user is non-root.

Closes #20

Signed-off-by: Aleksandr Vinokurov aleksandr.vin@gmail.com

mdawar commented 2 years ago

Hi,

Thank you for the pull request.

It seems that this is a fix specific to your environment, right? I don't use k8s, but did you try to set runAsUser without this change to the Dockerfile? I have found this answer on Stackoverflow that suggests this config:

securityContext:
    runAsUser: 999

Also asking because it's not a good practice to bind to a specific user ID. We don't want to push a new image that could break the current user's setups.

aleksandr-vin commented 2 years ago

Hi,

That's not specific to my environment, but to Kubernetes in general. I do use that workaround for now. But this PR will just make it more robust for everybody who's using this docker image in Kubernetes.

aleksandr-vin commented 2 years ago

And 999 is the same actual value, that was originally picked up by useradd command during that docker image builds ;)