Run all knative-sample images as non-root #14566
Comments
kauana
added
the
kind/feature
knative-prow
bot
added
area/build
|
/assign |
|
@kauana I would like to work on this issue. Where can i get started ? |
|
Hello @karthikmurali60, thank you for picking this up! Basically we want to update the knative-sample images from here to run as non-root, so one way is to configure the sample images' Dockerfile (Dockerfile example for helloworld-go) to run as a non-root user. |
|
Hi everyone, I would like to work on this issue. Are you still working on it, @karthikmurali60? |
|
@prushh yeah i am working on it |
|
@kauana can you please review the linked PR - knative/docs#5758 ?? |
|
Thank you for the PR! I'm looking at it :) |
dprotaso
added
good first issue
|
This issue is stale because it has been open for 90 days with no |
github-actions
bot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
knative-prow
bot
removed
the
lifecycle/stale
|
/unassign karthikmurali60 |
/area build
/kind good-first-issue
Context
Related issues: #14029 / #14168
As part of the effort to enable secure-pod-defaults by default, we must ensure that all knative-sample images run as non-root. This will ensure that if we decide to enable this feature, it won't disrupt installations for folks doing demos, tests, talks, etc. (note that once this feature is activated, all images will be mandated to run as non-root)
What
Ensure that all images used as knative samples are running as non-root. Please see Knative Serving code samples for a list of all images currently used as samples.
We should also highlight this change in the release notes. This will keep the community informed and allow us to collect feedback to determine if activating secure-pod-defaults by default is indeed the way to go.
The text was updated successfully, but these errors were encountered: