New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix serving samples to run as non-root #5794
base: main
Are you sure you want to change the base?
Conversation
Update README.md file when necessary
Update README.md file when necessary
Update README.md file when necessary
✅ Deploy Preview for knative ready!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site configuration. |
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: prushh The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Necessary to pass TestDocSrc
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for doing this @prushh. Seems like lot of images are pretty outdated.
I commented inline, hope that helps with the build errors.
@@ -12,27 +12,42 @@ | |||
# See the License for the specific language governing permissions and | |||
# limitations under the License. | |||
|
|||
FROM registry.access.redhat.com/ubi8/nodejs-12 | |||
FROM node:20-alpine as builder |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@matzew ok with this change?
@@ -11,10 +11,29 @@ | |||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |||
# See the License for the specific language governing permissions and | |||
# limitations under the License. | |||
FROM rust:1.31.0 AS builder |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
probably worth to take a look at #5757 as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for the late reply!
I'm following the PR above as you suggested and the build was successful, but I get an image size of 2.32GB. I also tried to run and curl it but I got curl: (56) Recv failure: Connection reset by peer
error.
FROM rust:1.73.0 AS builder
ARG USER=appuser
ARG USER_UID=1001
ARG USER_GID=$USER_UID
# Add a user so the server will run as a non-root user.
RUN addgroup --gid $USER_GID $USER && \
adduser -u $USER_UID --ingroup $USER --disabled-password $USER
COPY . .
RUN cargo install --path .
USER $USER
CMD ["knative-cloudevents-example"]
Now as a first step I'm trying to reduce the image size by using a second stage where I copy and execute the release.
code-samples/serving/multi-container/servingcontainer/Dockerfile
Outdated
Show resolved
Hide resolved
code-samples/serving/multi-container/sidecarcontainer/Dockerfile
Outdated
Show resolved
Hide resolved
Update dockerfiles on docs
@ReToCode I will work on the missing fixes as soon as possible 😄 |
Hey @prushh, are you still working on the last fixes? |
Hey @ReToCode! |
Ok thanks, no worries, there is no rush on it. |
@prushh how are things? Are you still willing to work on this PR? |
Hi @ReToCode, sorry for the late reply. |
Yes that is fine, could you please rebase and create the issue with what you found so far? |
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0. - [Commits](golang/crypto@v0.14.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
bumping knative.dev/hack eb35242...7030d5b: > 7030d5b Update community files (# 355) > 94f0ccf Update community files (# 354) Signed-off-by: Knative Automation <[email protected]>
Signed-off-by: Abhay <[email protected]>
* improve grafana configuration steps * update metrics documentation * fix prometheus svc name * fix section titles Describe kube-prometheus-stack and components * fix prometheus stack sections order * fix grafana sections order and level
* Resolved the bug in the default styling of note Signed-off-by: Abhay <[email protected]> * resolved spaces Signed-off-by: Abhay <[email protected]> * Resolved Link-Not-Opening Signed-off-by: Abhay <[email protected]> --------- Signed-off-by: Abhay <[email protected]>
Signed-off-by: Knative Automation <[email protected]>
bumping knative.dev/hack 7030d5b...3ea694d: > 3ea694d include additional k8s bash file when updating exec permission (# 357) > 2f27d6e Update community files (# 356) Signed-off-by: Knative Automation <[email protected]>
bumping knative.dev/hack b9f6bf0...7e71024: > 7e71024 Add clotributor link to readme (# 353) > b1b2956 Add consistent SECURITY.md (# 349) > 4f7621a Call go mod download on each module, if not vendor (# 326) > 424e75e Update community files (# 374) Signed-off-by: Knative Automation <[email protected]>
…native#5927) Bumps [express](https://github.com/expressjs/express) from 4.17.3 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.17.3...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…native#5926) Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* upgrade to latest dependencies bumping knative.dev/hack 7e71024...47368d6: > 47368d6 Check licenses only, but not bundle them (# 376) > b985a5b Update community files (# 377) Signed-off-by: Knative Automation <[email protected]> * Fix unit-tests --------- Signed-off-by: Knative Automation <[email protected]> Co-authored-by: Reto Lehmann <[email protected]>
* Knative Backstage plugin article Signed-off-by: Ali Ok <[email protected]> * Add some images Signed-off-by: Ali Ok <[email protected]> * Make YouTube video image larger Signed-off-by: Ali Ok <[email protected]> * Show embedded YouTube video Signed-off-by: Ali Ok <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md Co-authored-by: Christoph Stäbler <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md Co-authored-by: Christoph Stäbler <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md Co-authored-by: Christoph Stäbler <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md Co-authored-by: Leo Li <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md Co-authored-by: Leo Li <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md Co-authored-by: Leo Li <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md Co-authored-by: Leo Li <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md Co-authored-by: Leo Li <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md Co-authored-by: Leo Li <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md Co-authored-by: Leo Li <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md Co-authored-by: Leo Li <[email protected]> * Address comments, add target=_blank to links Signed-off-by: Ali Ok <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md * Update blog/docs/articles/knative-backstage-plugins.md * Update blog/docs/articles/knative-backstage-plugins.md * Update blog/docs/articles/knative-backstage-plugins.md * Update blog/docs/articles/knative-backstage-plugins.md --------- Signed-off-by: Ali Ok <[email protected]> Co-authored-by: Christoph Stäbler <[email protected]> Co-authored-by: Leo Li <[email protected]>
Signed-off-by: Knative Automation <[email protected]>
ConfigMap values can only be of type String
* Add documentation for probing * Use white diagram background * Add more details about probing * Review improvements
* Add darkmode * Edit README * Add comments and readme * Fix UI * Update README * Update code-samples/eventing/bookstore-sample-app/frontend/client/pages/Main.js Co-authored-by: Leo Li <[email protected]> * Update code-samples/eventing/bookstore-sample-app/frontend/client/components/BookDetail.js Co-authored-by: Leo Li <[email protected]> * Change emoji * Update code-samples/eventing/bookstore-sample-app/frontend/client/components/Toggle.js Co-authored-by: Leo Li <[email protected]> * Fix UI * Align time --------- Co-authored-by: Leo Li <[email protected]>
Signed-off-by: tico88612 <[email protected]>
* Adding the db service * Add the readme * Add the yaml file to create the config map * Change to use the statefulSet * Delete the finished job pod after 50 seconds * Simplify the deployment tutorial for the database service * Explain why we don't use Knative Service * Remove the unnessary empty lines in the file * Update code-samples/eventing/bookstore-sample-app/db/README.md Co-authored-by: Pierangelo Di Pilato <[email protected]> * Update code-samples/eventing/bookstore-sample-app/db-service/sample.sql Co-authored-by: Pierangelo Di Pilato <[email protected]> * Update code-samples/eventing/bookstore-sample-app/db/README.md Co-authored-by: Pierangelo Di Pilato <[email protected]> * Fix the review comment --------- Co-authored-by: Pierangelo Di Pilato <[email protected]>
Signed-off-by: Zuhair AlSader <[email protected]>
* Add limitations for having OIDC and Istio enabled * Fix list
) Bumps [h2](https://github.com/hyperium/h2) from 0.3.24 to 0.3.26. - [Release notes](https://github.com/hyperium/h2/releases) - [Changelog](https://github.com/hyperium/h2/blob/v0.3.26/CHANGELOG.md) - [Commits](hyperium/h2@v0.3.24...v0.3.26) --- updated-dependencies: - dependency-name: h2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Knative Automation <[email protected]>
bumping knative.dev/hack 47368d6...1133b37: > 1133b37 Update community files (# 378) Signed-off-by: Knative Automation <[email protected]>
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0. - [Commits](golang/net@v0.17.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Add list with OIDC authn supporting eventing components * Fix indent * Remove links to GH pages for channels
Signed-off-by: Knative Automation <[email protected]>
* Add the node.js server * Setting up the infrastructure * Update the port of the node application * Add the sinkBinding * Adding the reply feedback loop * Adding the response into the nodejs server * Change the naming convention * Update the index.js to remove the uncessary comments
…sis service (knative#5904) * Adding the knative function build for the sentiment analysis service * Update the sample code, so that the returned result is a cloudEvent * Update the sample code to give a specific event type to the response cloudEvent * Update the tutorial doc * Update the tutorial doc * Remove the docker registry info * Fix nit * Modify the return response type and how python function handle the incoming cloudEvent * Adding the explaination for serving * Unhide the alert box portion * Remove the intentional delay * Remove the duplicated line * Make the input as json instead of plaintext * Update the version of cloudEvent and update the deployment instruction * Update the tutorial to use the public URL instead of cluster-IP * Display the input text in the response
…ode (knative#5947) * Fix the content in the bad word filter knative function code * Remove the unused import * fix: fix the python format by running black
Signed-off-by: Knative Automation <[email protected]>
…k workspace (knative#5939) * add tutorial * create workspace docs * Edit img
Signed-off-by: Matthias Wessendorf <[email protected]>
* document the remaining timeout settings * fix name
Hi @ReToCode! It was my first rebase, I hope I've done everything correctly. |
Fixes knative/serving#14566
Proposed Changes
Changes discussed on #5758
Overview
cloudevents-spring -- No Dockerfile (
mvn compile jib:build -Dimage=<image_name>
)cloudevents-vertx -- No Dockerfile (same above)
gitwebhook-go -- OK
grpc-ping-go -- OK (
nonroot
tag specified on distroless image)helloworld-csharp -- OK
helloworld-go -- OK
helloworld-java-spark -- OK
helloworld-java-spring -- OK
helloworld-kotlin -- OK
helloworld-nodejs -- OK
helloworld-php -- OK (I'm not sure if it is the correct way to proceed)
helloworld-python -- OK
helloworld-ruby -- OK
helloworld-scala -- Added non-root user, (curl: (52) Empty reply from server)
helloworld-shell -- Need help, incorrect response
knative-routing-go -- OK (
nonroot
tag specified on distroless image)kong-routing-go -- OK (
nonroot
tag specified on distroless image)servingcontainer -- OK (bump golang to 1.21, fixed
undefined: io.ReadAll
error)sidecarcontainer -- OK (bump golang to 1.21)
secrets-go -- OK
Additional info
Wherever possible, projects were tested with Docker as follows:
Can you please take a look @ReToCode @kauana?