Docker image uses a numeric user ID #168617

Merged
merged 3 commits into from
Oct 15, 2023

rhr323
Contributor

@rhr323 rhr323 commented Oct 11, 2023

Summary

Running the Kibana Docker image on Kubernetes with runAsRoot set to false results in:

Error: container has runAsNonRoot and image has non-numeric user (kibana), cannot verify user is non-root (pod: "...", container: ...)

This PR changes the Dockerfile so it uses a numeric user ID (1000), similarly to Elasticsearch.

Checklist

n/a

Risk Matrix

n/a


@rhr323 rhr323 requested a review from a team as a code owner October 11, 2023 14:57
@rhr323 rhr323 force-pushed the cp-2751-docker-image-uses-numeric-userid branch from 8f1884c to c455b9a Compare October 11, 2023 14:58
@rhr323 rhr323 added the release_note:skip Skip the PR/issue when compiling release notes label Oct 11, 2023
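
The error quoted in the PR summary is raised when the image's configured user is a name rather than a UID. As an added example (not code from this PR or from the Kibana repository), the lint below reports the USER in effect in a Dockerfile's final stage and whether it is numeric; the sample Dockerfile, the `example-base` image name and all function names are constructed for illustration.

```python
import re

# Constructed sample (not the Kibana Dockerfile); example-base is a placeholder.
BEFORE = """\
FROM example-base:1.0 AS builder
USER root
FROM example-base:1.0
RUN groupadd --gid 1000 kibana && \\
    useradd --uid 1000 --gid 1000 kibana
USER kibana
"""
AFTER = BEFORE.replace("USER kibana", "USER 1000")

def final_stage_user(dockerfile):
    """Return the USER in effect at the end of the final build stage, or None."""
    stages, alias, user = {}, None, None
    text = re.sub(r"\\[ \t]*\n", " ", dockerfile)  # join line continuations
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        keyword = words[0].upper()
        if keyword == "FROM":
            if alias:
                stages[alias] = user
            args = [w for w in words[1:] if not w.startswith("--")]  # e.g. --platform
            # A stage built FROM an earlier stage starts with that stage's USER.
            user = stages.get(args[0].lower()) if args else None
            alias = args[2].lower() if len(args) > 2 and args[1].upper() == "AS" else None
        elif keyword == "USER" and len(words) > 1:
            user = words[1]
    return user

def classify_user(user):
    """Classify a USER value by whether its UID is visible in image metadata."""
    if user is None:
        return "inherited"        # set by the base image; root if unset there
    name = user.split(":", 1)[0]  # drop the optional ":group" part
    if "$" in name:
        return "variable"         # build-time substitution, not resolvable here
    if re.fullmatch(r"[0-9]+", name):
        return "root" if int(name) == 0 else "numeric-nonroot"
    return "non-numeric"          # a name such as "kibana": UID unknown

def check(dockerfile):
    user = final_stage_user(dockerfile)
    return user, classify_user(user)

print("before:", check(BEFORE), "after:", check(AFTER))
```

Used as a CI step, any result other than `numeric-nonroot` marks an image whose non-root status cannot be confirmed from the Dockerfile alone.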
@mistic
Member

mistic commented Oct 11, 2023

Just double checking this change with @jbudz. Jon, can you think about something that could be broken by this?

@rhr323
Contributor Author

rhr323 commented Oct 12, 2023

Thanks @mistic! Is there a way to build the image from this PR? I'd be happy to test the change in a serverless environment, once I have the image available.

@Ikuni17
Contributor

Ikuni17 commented Oct 12, 2023

@rhr323 I added the label to build a serverless image and triggered a new build. kibana-ci will comment with the image URL and it will be available at the top of BK build.

@rhr323
Contributor Author

rhr323 commented Oct 12, 2023

Tested in my serverless dev env:

$ kubectl get pods
NAME                                     READY   STATUS      RESTARTS   AGE
es-es-index-7b7d5f9dcc-87z7b             1/1     Running     0          147m
es-es-ml-667b6f7575-7fm4r                1/1     Running     0          147m
es-es-search-748d4847d-k2q9h             1/1     Running     0          147m
kb-background-tasks-kb-cc7ddd45d-4fhgl   1/1     Running     0          20m
kb-migrator-kb-msnd4                     0/1     Completed   0          19m
kb-ui-kb-57f464d-jh9st                   1/1     Running     0          20m

$ kubectl describe pod kb-ui-kb-57f464d-jh9st | grep Image:
    Image:         docker.elastic.co/kibana-ci/kibana-serverless:pr-168617-82249c51fb7e
    Image:         docker.elastic.co/kibana-ci/kibana-serverless:pr-168617-82249c51fb7e
    Image:          docker.elastic.co/kibana-ci/kibana-serverless:pr-168617-82249c51fb7e

Everything seems to work fine. I created an alert connector + sample alert for testing, no issues observed.

@kibana-ci
Collaborator

kibana-ci commented Oct 13, 2023

💛 Build succeeded, but was flaky

  • Buildkite Build
  • Commit: 7790fdc
  • Kibana Serverless Image: docker.elastic.co/kibana-ci/kibana-serverless:pr-168617-7790fdc6febb

Failed CI Steps

Metrics [docs]

Canvas Sharable Runtime

The Canvas "shareable runtime" is a bundle produced to enable running Canvas workpads outside of Kibana. This bundle is included in third-party webpages that embed Canvas and therefore should be as slim as possible.

id            before  after   diff
module count  -       5596    +5596
total size    -       5.9MB   +5.9MB
To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@rhr323 rhr323 merged commit 753a584 into elastic:main Oct 15, 2023
@rhr323 rhr323 deleted the cp-2751-docker-image-uses-numeric-userid branch October 15, 2023 21:58
@kibanamachine kibanamachine added v8.12.0 backport:skip This commit does not require backporting labels Oct 15, 2023
dej611 pushed a commit to dej611/kibana that referenced this pull request Oct 17, 2023