tvi
commented
2 years ago Hi @gempesaw , thanks for the PR; I will get this tested on our dev k8s cluster setup and if nothing breaks looks good.
Closed gempesaw closed 1 year ago
tvi
commented
2 years ago Hi @gempesaw , thanks for the PR; I will get this tested on our dev k8s cluster setup and if nothing breaks looks good.
gempesaw
commented
2 years ago 👋🏽 just stopping by to say - our testing went off without a hitch. actually, we're running the v0.0.20 our kubernetes clusters with a runAsUser: 12345 in the podspec for the daemonset and the sidecar. even though, a user with UID 12345 doesn't exist in the container yet :P
didn't notice any error messages in the logs, and in fact everything worked fine! able to deploy a pod with annotations that showed up in consul; changing the annotations reflects into consul, and rolling pods during deployments are also reflected as expected.
thanks again for this tool! we're really excited to switch to it and have the guarantee of deployments <--> consul registration
@tvi
context
hey there, we'd like to run this Docker image as a non-root user, as a security best practice. going through testing right now. thankfully it's pretty straightforward to add a user & switch to it in alpine-based images. thanks for katalog-sync!
changes
katalog-syncwith arbitrary uid12345