docs icon indicating copy to clipboard operation
docs copied to clipboard

Published 20 hours ago verified publisher icon knative

Fix serving samples to run as non-root

Open prushh opened this issue 1 year ago • 14 comments

Fixes knative/serving#14566

Proposed Changes

Changes discussed on #5758

Overview

  • [x] cloudevents-dotnet -- OK
  • [x] cloudevents-go -- OK
  • [x] cloudevents-nodejs -- OK
  • [ ] cloud events-rust -- Need help, build error on L18 (I wasn't able to create the build locally and I tried to do that using multi-stage container)
RUN rustup target add x86_64-unknown-linux-musl && cargo build --target x86_64-unknown-linux-musl --release:
0.370    info: downloading component 'rust-std' for 'x86_64-unknown-linux-musl'
5.900    info: installing component 'rust-std' for 'x86_64-unknown-linux-musl'
7.002    error: failed to parse lock file at: /Cargo.lock
7.002    Caused by:
7.002    invalid serialized PackageId for key `package.dependencies`

  • [x] cloudevents-spring -- No Dockerfile (mvn compile jib:build -Dimage=<image_name>)

  • [x] cloudevents-vertx -- No Dockerfile (same above)

  • [x] gitwebhook-go -- OK

  • [x] grpc-ping-go -- OK (nonroot tag specified on distroless image)

  • [x] helloworld-csharp -- OK

  • [x] helloworld-go -- OK

  • [x] helloworld-java-spark -- OK

  • [x] helloworld-java-spring -- OK

  • [x] helloworld-kotlin -- OK

  • [x] helloworld-nodejs -- OK

  • [x] helloworld-php -- OK (I'm not sure if it is the correct way to proceed)

  • [x] helloworld-python -- OK

  • [x] helloworld-ruby -- OK

  • [x] helloworld-scala -- Added non-root user, (curl: (52) Empty reply from server)

  • [ ] helloworld-shell -- Need help, incorrect response

    <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD>
<BODY><H1>404 Not Found</H1>
The requested URL was not found
</BODY></HTML>

  • [x] knative-routing-go -- OK (nonroot tag specified on distroless image)

  • [x] kong-routing-go -- OK (nonroot tag specified on distroless image)

  • [x] servingcontainer -- OK (bump golang to 1.21, fixed undefined: io.ReadAll error)

  • [x] sidecarcontainer -- OK (bump golang to 1.21)

  • [x] secrets-go -- OK

Additional info

Wherever possible, projects were tested with Docker as follows:

docker buildx build --platform linux/amd64 -t <image> .
docker run -p 8080:8080 <image>

curl -X POST \
  -H "content-type: application/json"  \
  -H "ce-specversion: 1.0"  \
  -H "ce-source: curl-command"  \
  -H "ce-type: curl.demo"  \
  -H "ce-id: 123-abc"  \
  -d '{"name":"Dave"}' \
  localhost:8080
# OR
curl localhost:8080

Can you please take a look @ReToCode @kauana?

prushh avatar Dec 11 '23 21:12 prushh

Deploy Preview for knative ready!

Built without sensitive environment variables

Name Link
Latest commit fc606a056e3273bb2d8d63dc2550ddde1e9625ce
Latest deploy log https://app.netlify.com/sites/knative/deploys/6630a0cfd5383a00080e67d8
Deploy Preview https://deploy-preview-5794--knative.netlify.app
Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

netlify[bot] avatar Dec 11 '23 21:12 netlify[bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: prushh Once this PR has been reviewed and has the lgtm label, please assign pierdipi for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

knative-prow[bot] avatar Dec 11 '23 21:12 knative-prow[bot]

@ReToCode I will work on the missing fixes as soon as possible 😄

prushh avatar Dec 15 '23 11:12 prushh

Hey @prushh, are you still working on the last fixes?

ReToCode avatar Feb 20 '24 06:02 ReToCode

Hey @ReToCode! Unfortunately not, I am currently busy with university... I don't think I'll be able to work on it before mid-March 😪

prushh avatar Feb 20 '24 07:02 prushh

Ok thanks, no worries, there is no rush on it.

ReToCode avatar Feb 20 '24 12:02 ReToCode

@prushh how are things? Are you still willing to work on this PR?

ReToCode avatar Apr 15 '24 12:04 ReToCode

Hi @ReToCode, sorry for the late reply. I tried many times to build a multi-stage image for cloudevents-rust project, but without success. I found some examples on the net but unfortunately they didn't work. Could we merge this PR and open a new issue for cloudevents-rust and helloworld-shell projects?

prushh avatar Apr 19 '24 06:04 prushh

Yes that is fine, could you please rebase and create the issue with what you found so far?

ReToCode avatar Apr 19 '24 11:04 ReToCode

Hi @ReToCode! It was my first rebase, I hope I've done everything correctly. In the afternoon I should be able to create the issue.

prushh avatar Apr 30 '24 07:04 prushh

Let me know whether I can assist with anything!

BobyMCbobs avatar Jun 06 '24 00:06 BobyMCbobs

@BobyMCbobs I think the work is up for grabs. The PR contains what is done so far, the description should point out the things that are not done yet/not working yet.

ReToCode avatar Jun 06 '24 05:06 ReToCode

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

knative-prow-robot avatar Jul 01 '24 15:07 knative-prow-robot