Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

config: fix runAsUser inconsistency with images 🍨 #3342

Merged
merged 1 commit into from
Oct 6, 2020
Merged

config: fix runAsUser inconsistency with images 🍨 #3342

merged 1 commit into from
Oct 6, 2020

Conversation

vdemeester
Copy link
Member

@vdemeester vdemeester commented Oct 6, 2020
edited
Loading

Changes

Closes #3273

The distroless nonroot image define a user with the uid 65532 and
not 1001. The deployment should use that uid to make sure it works anywhere.

Signed-off-by: Vincent Demeester [email protected]

/cc @imjasonh @mattmoor @tektoncd/core-maintainers
/kind bug

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

  • Includes tests (if functionality changed/added)
  • Includes docs (if user facing)
  • Commit messages follow commit message best practices
  • Release notes block has been filled in or deleted (only if no user facing changes)

See the contribution guide for more details.

Double check this list of stuff that's easy to miss:

Reviewer Notes

If API changes are included, additive changes must be approved by at least two OWNERS and backwards incompatible changes must be approved by more than 50% of the OWNERS, and they must first be added in a backwards compatible way.

Release Notes

Fix inconsistent uid for the controller and webhook deployment, resulting in failure of installing tekton pipeline on minikube (and other platforms.)

@vdemeester
config: fix runAsUser inconsistency with images 🍨
a4f4319 
The distroless `nonroot` image define a user with the uid 65532 and
not 1001. The deployment should use that uid to make sure it works anywhere.

Signed-off-by: Vincent Demeester <[email protected]>
@vdemeester vdemeester added the needs-cherry-pick Indicates a PR needs to be cherry-pick to a release branch label Oct 6, 2020
@tekton-robot tekton-robot requested review from imjasonh, mattmoor and a team October 6, 2020 15:44
@tekton-robot tekton-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/bug Categorizes issue or PR as related to a bug. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Oct 6, 2020
mattmoor
mattmoor reviewed Oct 6, 2020
View reviewed changes
Copy link
Member

@mattmoor mattmoor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Oct 6, 2020
@tekton-robot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sbwsg

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 6, 2020
afrittoli
afrittoli reviewed Oct 6, 2020
View reviewed changes
Copy link
Member

@afrittoli afrittoli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good, thanks.
Perhaps we should provide some mechanism to override that UID, or at least document it in the .ko.yaml too, so that if someone uses a different base image, they don't get a bad surprise.

@afrittoli
Copy link
Member

/lgtm

@vdemeester
Copy link
Member Author

Could not resolve host: github.com... 😭
/retest

@vdemeester
Copy link
Member Author

/retest

@tekton-robot tekton-robot merged commit 4f5a71c into tektoncd:master Oct 6, 2020
@vdemeester vdemeester deleted the 3273-uid-inconsistency branch October 7, 2020 06:44
dibyom added a commit to dibyom/triggers that referenced this pull request Oct 7, 2020
@dibyom
Set runAsUser uid for nonroot distroless image
9c89204 
Port of tektoncd/pipeline#3342:

The distroless nonroot image define a user with the uid 65532 and not 1001. The
deployment should use that uid to make sure it works anywhere.

Fixes tektoncd#781

Signed-off-by: Dibyo Mukherjee <[email protected]>
@dibyom dibyom mentioned this pull request Oct 7, 2020
Merged
4 tasks
tekton-robot pushed a commit to tektoncd/triggers that referenced this pull request Oct 8, 2020
@dibyom @tekton-robot
Set runAsUser uid for nonroot distroless image
09539a8 
Port of tektoncd/pipeline#3342:

The distroless nonroot image define a user with the uid 65532 and not 1001. The
deployment should use that uid to make sure it works anywhere.

Fixes #781

Signed-off-by: Dibyo Mukherjee <[email protected]>
dibyom added a commit to dibyom/dashboard that referenced this pull request Oct 8, 2020
@dibyom
Set runAsUser uid for nonroot distroless image
fbf5f86 
Port of tektoncd/pipeline#3342:

The distroless nonroot image define a user with the uid 65532. The
deployment should use that uid to make sure it works anywhere.
@dibyom dibyom mentioned this pull request Oct 8, 2020
Merged
3 tasks
gabemontero added a commit to gabemontero/triggers that referenced this pull request Oct 8, 2020
@gabemontero
port tektoncd/pipeline#2967 and tektoncd/pipeline#3342 to triggers
db1387d
@gabemontero gabemontero mentioned this pull request Oct 8, 2020
Merged
3 tasks
@vdemeester vdemeester added this to the Pipelines v0.17 milestone Oct 12, 2020
tekton-robot pushed a commit to tektoncd/dashboard that referenced this pull request Oct 12, 2020
@dibyom @tekton-robot
Set runAsUser uid for nonroot distroless image
66f1bb0 
Port of tektoncd/pipeline#3342:

The distroless nonroot image define a user with the uid 65532. The
deployment should use that uid to make sure it works anywhere.
@vdemeester vdemeester removed the needs-cherry-pick Indicates a PR needs to be cherry-pick to a release branch label Oct 21, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattmoor mattmoor mattmoor left review comments

@afrittoli afrittoli afrittoli left review comments

@imjasonh imjasonh Awaiting requested review from imjasonh

Assignees

@afrittoli afrittoli

@mattmoor mattmoor

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/bug Categorizes issue or PR as related to a bug. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
Pipelines v0.17
Development

Successfully merging this pull request may close these issues.

Failed to install v0.16.3 on minikube
4 participants
@vdemeester @tekton-robot @afrittoli @mattmoor