Fix serving samples to run as non-root #5794
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Update README.md file when necessary
Update README.md file when necessary
Update README.md file when necessary
✅ Deploy Preview for knative ready!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site configuration. |
knative-prow
bot
added
the
size/XXL
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: prushh The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Necessary to pass TestDocSrc
ReToCode
reviewed
Dec 12, 2023
| @@ -12,27 +12,42 @@ | |||
| # See the License for the specific language governing permissions and | |||
| # limitations under the License. | |||
|
|
|||
| FROM registry.access.redhat.com/ubi8/nodejs-12 | |||
| FROM node:20-alpine as builder | |||
| @@ -11,10 +11,29 @@ | |||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |||
| # See the License for the specific language governing permissions and | |||
| # limitations under the License. | |||
| FROM rust:1.31.0 AS builder | |||
There was a problem hiding this comment.
probably worth to take a look at #5757 as well.
There was a problem hiding this comment.
Sorry for the late reply!
I'm following the PR above as you suggested and the build was successful, but I get an image size of 2.32GB. I also tried to run and curl it but I got curl: (56) Recv failure: Connection reset by peer error.
FROM rust:1.73.0 AS builder
ARG USER=appuser
ARG USER_UID=1001
ARG USER_GID=$USER_UID
# Add a user so the server will run as a non-root user.
RUN addgroup --gid $USER_GID $USER && \
adduser -u $USER_UID --ingroup $USER --disabled-password $USER
COPY . .
RUN cargo install --path .
USER $USER
CMD ["knative-cloudevents-example"]Now as a first step I'm trying to reduce the image size by using a second stage where I copy and execute the release.
code-samples/serving/multi-container/servingcontainer/Dockerfile
Outdated
Show resolved
Hide resolved
code-samples/serving/multi-container/sidecarcontainer/Dockerfile
Outdated
Show resolved
Hide resolved
ReToCode
reviewed
Dec 12, 2023
Update dockerfiles on docs
|
@ReToCode I will work on the missing fixes as soon as possible 😄 |
|
Hey @prushh, are you still working on the last fixes? |
|
Hey @ReToCode! |
|
Ok thanks, no worries, there is no rush on it. |
knative-prow-robot
added
the
needs-rebase
|
@prushh how are things? Are you still willing to work on this PR? |
|
Hi @ReToCode, sorry for the late reply. |
|
Yes that is fine, could you please rebase and create the issue with what you found so far? |
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0. - [Commits](golang/crypto@v0.14.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
bumping knative.dev/hack eb35242...7030d5b: > 7030d5b Update community files (# 355) > 94f0ccf Update community files (# 354) Signed-off-by: Knative Automation <[email protected]>
Signed-off-by: Abhay <[email protected]>
* improve grafana configuration steps * update metrics documentation * fix prometheus svc name * fix section titles Describe kube-prometheus-stack and components * fix prometheus stack sections order * fix grafana sections order and level
* Resolved the bug in the default styling of note Signed-off-by: Abhay <[email protected]> * resolved spaces Signed-off-by: Abhay <[email protected]> * Resolved Link-Not-Opening Signed-off-by: Abhay <[email protected]> --------- Signed-off-by: Abhay <[email protected]>
Signed-off-by: Knative Automation <[email protected]>
bumping knative.dev/hack 7030d5b...3ea694d: > 3ea694d include additional k8s bash file when updating exec permission (# 357) > 2f27d6e Update community files (# 356) Signed-off-by: Knative Automation <[email protected]>
bumping knative.dev/hack b9f6bf0...7e71024: > 7e71024 Add clotributor link to readme (# 353) > b1b2956 Add consistent SECURITY.md (# 349) > 4f7621a Call go mod download on each module, if not vendor (# 326) > 424e75e Update community files (# 374) Signed-off-by: Knative Automation <[email protected]>
…native#5927) Bumps [express](https://github.com/expressjs/express) from 4.17.3 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.17.3...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…native#5926) Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* upgrade to latest dependencies bumping knative.dev/hack 7e71024...47368d6: > 47368d6 Check licenses only, but not bundle them (# 376) > b985a5b Update community files (# 377) Signed-off-by: Knative Automation <[email protected]> * Fix unit-tests --------- Signed-off-by: Knative Automation <[email protected]> Co-authored-by: Reto Lehmann <[email protected]>
* Knative Backstage plugin article Signed-off-by: Ali Ok <[email protected]> * Add some images Signed-off-by: Ali Ok <[email protected]> * Make YouTube video image larger Signed-off-by: Ali Ok <[email protected]> * Show embedded YouTube video Signed-off-by: Ali Ok <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md Co-authored-by: Christoph Stäbler <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md Co-authored-by: Christoph Stäbler <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md Co-authored-by: Christoph Stäbler <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md Co-authored-by: Leo Li <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md Co-authored-by: Leo Li <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md Co-authored-by: Leo Li <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md Co-authored-by: Leo Li <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md Co-authored-by: Leo Li <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md Co-authored-by: Leo Li <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md Co-authored-by: Leo Li <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md Co-authored-by: Leo Li <[email protected]> * Address comments, add target=_blank to links Signed-off-by: Ali Ok <[email protected]> * Update blog/docs/articles/knative-backstage-plugins.md * Update blog/docs/articles/knative-backstage-plugins.md * Update blog/docs/articles/knative-backstage-plugins.md * Update blog/docs/articles/knative-backstage-plugins.md * Update blog/docs/articles/knative-backstage-plugins.md --------- Signed-off-by: Ali Ok <[email protected]> Co-authored-by: Christoph Stäbler <[email protected]> Co-authored-by: Leo Li <[email protected]>
Signed-off-by: Knative Automation <[email protected]>
ConfigMap values can only be of type String
* Add documentation for probing * Use white diagram background * Add more details about probing * Review improvements
* Add darkmode * Edit README * Add comments and readme * Fix UI * Update README * Update code-samples/eventing/bookstore-sample-app/frontend/client/pages/Main.js Co-authored-by: Leo Li <[email protected]> * Update code-samples/eventing/bookstore-sample-app/frontend/client/components/BookDetail.js Co-authored-by: Leo Li <[email protected]> * Change emoji * Update code-samples/eventing/bookstore-sample-app/frontend/client/components/Toggle.js Co-authored-by: Leo Li <[email protected]> * Fix UI * Align time --------- Co-authored-by: Leo Li <[email protected]>
Signed-off-by: tico88612 <[email protected]>
* Adding the db service * Add the readme * Add the yaml file to create the config map * Change to use the statefulSet * Delete the finished job pod after 50 seconds * Simplify the deployment tutorial for the database service * Explain why we don't use Knative Service * Remove the unnessary empty lines in the file * Update code-samples/eventing/bookstore-sample-app/db/README.md Co-authored-by: Pierangelo Di Pilato <[email protected]> * Update code-samples/eventing/bookstore-sample-app/db-service/sample.sql Co-authored-by: Pierangelo Di Pilato <[email protected]> * Update code-samples/eventing/bookstore-sample-app/db/README.md Co-authored-by: Pierangelo Di Pilato <[email protected]> * Fix the review comment --------- Co-authored-by: Pierangelo Di Pilato <[email protected]>
Signed-off-by: Zuhair AlSader <[email protected]>
* Add limitations for having OIDC and Istio enabled * Fix list
) Bumps [h2](https://github.com/hyperium/h2) from 0.3.24 to 0.3.26. - [Release notes](https://github.com/hyperium/h2/releases) - [Changelog](https://github.com/hyperium/h2/blob/v0.3.26/CHANGELOG.md) - [Commits](hyperium/h2@v0.3.24...v0.3.26) --- updated-dependencies: - dependency-name: h2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Knative Automation <[email protected]>
bumping knative.dev/hack 47368d6...1133b37: > 1133b37 Update community files (# 378) Signed-off-by: Knative Automation <[email protected]>
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0. - [Commits](golang/net@v0.17.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Add list with OIDC authn supporting eventing components * Fix indent * Remove links to GH pages for channels
Signed-off-by: Knative Automation <[email protected]>
* Add the node.js server * Setting up the infrastructure * Update the port of the node application * Add the sinkBinding * Adding the reply feedback loop * Adding the response into the nodejs server * Change the naming convention * Update the index.js to remove the uncessary comments
…sis service (knative#5904) * Adding the knative function build for the sentiment analysis service * Update the sample code, so that the returned result is a cloudEvent * Update the sample code to give a specific event type to the response cloudEvent * Update the tutorial doc * Update the tutorial doc * Remove the docker registry info * Fix nit * Modify the return response type and how python function handle the incoming cloudEvent * Adding the explaination for serving * Unhide the alert box portion * Remove the intentional delay * Remove the duplicated line * Make the input as json instead of plaintext * Update the version of cloudEvent and update the deployment instruction * Update the tutorial to use the public URL instead of cluster-IP * Display the input text in the response
…ode (knative#5947) * Fix the content in the bad word filter knative function code * Remove the unused import * fix: fix the python format by running black
Signed-off-by: Knative Automation <[email protected]>
…k workspace (knative#5939) * add tutorial * create workspace docs * Edit img
Signed-off-by: Matthias Wessendorf <[email protected]>
* document the remaining timeout settings * fix name
|
Hi @ReToCode! It was my first rebase, I hope I've done everything correctly. |
knative-prow-robot
removed
the
needs-rebase
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes knative/serving#14566
Proposed Changes
Changes discussed on #5758
Overview
cloudevents-spring -- No Dockerfile (
mvn compile jib:build -Dimage=<image_name>)cloudevents-vertx -- No Dockerfile (same above)
gitwebhook-go -- OK
grpc-ping-go -- OK (
nonroottag specified on distroless image)helloworld-csharp -- OK
helloworld-go -- OK
helloworld-java-spark -- OK
helloworld-java-spring -- OK
helloworld-kotlin -- OK
helloworld-nodejs -- OK
helloworld-php -- OK (I'm not sure if it is the correct way to proceed)
helloworld-python -- OK
helloworld-ruby -- OK
helloworld-scala -- Added non-root user, (curl: (52) Empty reply from server)
helloworld-shell -- Need help, incorrect response
knative-routing-go -- OK (
nonroottag specified on distroless image)kong-routing-go -- OK (
nonroottag specified on distroless image)servingcontainer -- OK (bump golang to 1.21, fixed
undefined: io.ReadAllerror)sidecarcontainer -- OK (bump golang to 1.21)
secrets-go -- OK
Additional info
Wherever possible, projects were tested with Docker as follows:
Can you please take a look @ReToCode @kauana?