-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix serving samples to run as non-root #5794
Conversation
Update README.md file when necessary
Update README.md file when necessary
Update README.md file when necessary
✅ Deploy Preview for knative ready!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site configuration. |
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: prushh The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Necessary to pass TestDocSrc
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for doing this @prushh. Seems like lot of images are pretty outdated.
I commented inline, hope that helps with the build errors.
@@ -12,27 +12,42 @@ | |||
# See the License for the specific language governing permissions and | |||
# limitations under the License. | |||
|
|||
FROM registry.access.redhat.com/ubi8/nodejs-12 | |||
FROM node:20-alpine as builder |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@matzew ok with this change?
@@ -11,10 +11,29 @@ | |||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |||
# See the License for the specific language governing permissions and | |||
# limitations under the License. | |||
FROM rust:1.31.0 AS builder |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
probably worth to take a look at #5757 as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for the late reply!
I'm following the PR above as you suggested and the build was successful, but I get an image size of 2.32GB. I also tried to run and curl it but I got curl: (56) Recv failure: Connection reset by peer
error.
FROM rust:1.73.0 AS builder
ARG USER=appuser
ARG USER_UID=1001
ARG USER_GID=$USER_UID
# Add a user so the server will run as a non-root user.
RUN addgroup --gid $USER_GID $USER && \
adduser -u $USER_UID --ingroup $USER --disabled-password $USER
COPY . .
RUN cargo install --path .
USER $USER
CMD ["knative-cloudevents-example"]
Now as a first step I'm trying to reduce the image size by using a second stage where I copy and execute the release.
code-samples/serving/multi-container/servingcontainer/Dockerfile
Outdated
Show resolved
Hide resolved
code-samples/serving/multi-container/sidecarcontainer/Dockerfile
Outdated
Show resolved
Hide resolved
Update dockerfiles on docs
@ReToCode I will work on the missing fixes as soon as possible 😄 |
Hey @prushh, are you still working on the last fixes? |
Hey @ReToCode! |
Ok thanks, no worries, there is no rush on it. |
@prushh how are things? Are you still willing to work on this PR? |
Hi @ReToCode, sorry for the late reply. |
Yes that is fine, could you please rebase and create the issue with what you found so far? |
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0. - [Commits](golang/crypto@v0.14.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
bumping knative.dev/hack eb35242...7030d5b: > 7030d5b Update community files (# 355) > 94f0ccf Update community files (# 354) Signed-off-by: Knative Automation <automation@knative.team>
Signed-off-by: Abhay <abhayetwup123@gmail.com>
* improve grafana configuration steps * update metrics documentation * fix prometheus svc name * fix section titles Describe kube-prometheus-stack and components * fix prometheus stack sections order * fix grafana sections order and level
* Resolved the bug in the default styling of note Signed-off-by: Abhay <abhayetwup123@gmail.com> * resolved spaces Signed-off-by: Abhay <abhayetwup123@gmail.com> * Resolved Link-Not-Opening Signed-off-by: Abhay <abhayetwup123@gmail.com> --------- Signed-off-by: Abhay <abhayetwup123@gmail.com>
Signed-off-by: Knative Automation <automation@knative.team>
bumping knative.dev/hack 7030d5b...3ea694d: > 3ea694d include additional k8s bash file when updating exec permission (# 357) > 2f27d6e Update community files (# 356) Signed-off-by: Knative Automation <automation@knative.team>
* Add darkmode * Edit README * Add comments and readme * Fix UI * Update README * Update code-samples/eventing/bookstore-sample-app/frontend/client/pages/Main.js Co-authored-by: Leo Li <leoli@redhat.com> * Update code-samples/eventing/bookstore-sample-app/frontend/client/components/BookDetail.js Co-authored-by: Leo Li <leoli@redhat.com> * Change emoji * Update code-samples/eventing/bookstore-sample-app/frontend/client/components/Toggle.js Co-authored-by: Leo Li <leoli@redhat.com> * Fix UI * Align time --------- Co-authored-by: Leo Li <leoli@redhat.com>
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
* Adding the db service * Add the readme * Add the yaml file to create the config map * Change to use the statefulSet * Delete the finished job pod after 50 seconds * Simplify the deployment tutorial for the database service * Explain why we don't use Knative Service * Remove the unnessary empty lines in the file * Update code-samples/eventing/bookstore-sample-app/db/README.md Co-authored-by: Pierangelo Di Pilato <pierangelodipilato@gmail.com> * Update code-samples/eventing/bookstore-sample-app/db-service/sample.sql Co-authored-by: Pierangelo Di Pilato <pierangelodipilato@gmail.com> * Update code-samples/eventing/bookstore-sample-app/db/README.md Co-authored-by: Pierangelo Di Pilato <pierangelodipilato@gmail.com> * Fix the review comment --------- Co-authored-by: Pierangelo Di Pilato <pierangelodipilato@gmail.com>
Signed-off-by: Zuhair AlSader <zuhair@koor.tech>
* Add limitations for having OIDC and Istio enabled * Fix list
) Bumps [h2](https://github.com/hyperium/h2) from 0.3.24 to 0.3.26. - [Release notes](https://github.com/hyperium/h2/releases) - [Changelog](https://github.com/hyperium/h2/blob/v0.3.26/CHANGELOG.md) - [Commits](hyperium/h2@v0.3.24...v0.3.26) --- updated-dependencies: - dependency-name: h2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Knative Automation <automation@knative.team>
bumping knative.dev/hack 47368d6...1133b37: > 1133b37 Update community files (# 378) Signed-off-by: Knative Automation <automation@knative.team>
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0. - [Commits](golang/net@v0.17.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Add list with OIDC authn supporting eventing components * Fix indent * Remove links to GH pages for channels
Signed-off-by: Knative Automation <automation@knative.team>
* Add the node.js server * Setting up the infrastructure * Update the port of the node application * Add the sinkBinding * Adding the reply feedback loop * Adding the response into the nodejs server * Change the naming convention * Update the index.js to remove the uncessary comments
…sis service (knative#5904) * Adding the knative function build for the sentiment analysis service * Update the sample code, so that the returned result is a cloudEvent * Update the sample code to give a specific event type to the response cloudEvent * Update the tutorial doc * Update the tutorial doc * Remove the docker registry info * Fix nit * Modify the return response type and how python function handle the incoming cloudEvent * Adding the explaination for serving * Unhide the alert box portion * Remove the intentional delay * Remove the duplicated line * Make the input as json instead of plaintext * Update the version of cloudEvent and update the deployment instruction * Update the tutorial to use the public URL instead of cluster-IP * Display the input text in the response
…ode (knative#5947) * Fix the content in the bad word filter knative function code * Remove the unused import * fix: fix the python format by running black
Signed-off-by: Knative Automation <automation@knative.team>
…k workspace (knative#5939) * add tutorial * create workspace docs * Edit img
Signed-off-by: Matthias Wessendorf <mwessend@redhat.com>
* document the remaining timeout settings * fix name
Hi @ReToCode! It was my first rebase, I hope I've done everything correctly. |
Let me know whether I can assist with anything! |
@BobyMCbobs I think the work is up for grabs. The PR contains what is done so far, the description should point out the things that are not done yet/not working yet. |
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
This Pull Request is stale because it has been open for 90 days with |
Fixes knative/serving#14566
Proposed Changes
Changes discussed on #5758
Overview
cloudevents-spring -- No Dockerfile (
mvn compile jib:build -Dimage=<image_name>
)cloudevents-vertx -- No Dockerfile (same above)
gitwebhook-go -- OK
grpc-ping-go -- OK (
nonroot
tag specified on distroless image)helloworld-csharp -- OK
helloworld-go -- OK
helloworld-java-spark -- OK
helloworld-java-spring -- OK
helloworld-kotlin -- OK
helloworld-nodejs -- OK
helloworld-php -- OK (I'm not sure if it is the correct way to proceed)
helloworld-python -- OK
helloworld-ruby -- OK
helloworld-scala -- Added non-root user, (curl: (52) Empty reply from server)
helloworld-shell -- Need help, incorrect response
knative-routing-go -- OK (
nonroot
tag specified on distroless image)kong-routing-go -- OK (
nonroot
tag specified on distroless image)servingcontainer -- OK (bump golang to 1.21, fixed
undefined: io.ReadAll
error)sidecarcontainer -- OK (bump golang to 1.21)
secrets-go -- OK
Additional info
Wherever possible, projects were tested with Docker as follows:
Can you please take a look @ReToCode @kauana?