knative
Run all knative-sample images as non-root
/area build /kind good-first-issue
Context
Related issues: #14029 / #14168
As part of the effort to enable secure-pod-defaults by default, we must ensure that all knative-sample images run as non-root. This will ensure that if we decide to enable this feature, it won't disrupt installations for folks doing demos, tests, talks, etc. (note that once this feature is activated, all images will be mandated to run as non-root)
What
Ensure that all images used as knative samples are running as non-root. Please see Knative Serving code samples for a list of all images currently used as samples.
We should also highlight this change in the release notes. This will keep the community informed and allow us to collect feedback to determine if activating secure-pod-defaults by default is indeed the way to go.
@kauana I would like to work on this issue. Where can i get started ?
Hello @karthikmurali60, thank you for picking this up! Basically we want to update the knative-sample images from here to run as non-root, so one way is to configure the sample images' Dockerfile (Dockerfile example for helloworld-go) to run as a non-root user.
Hi everyone, I would like to work on this issue.
Are you still working on it, @karthikmurali60?
@kauana can you please review the linked PR - https://github.com/knative/docs/pull/5758 ??
This issue is stale because it has been open for 90 days with no
activity. It will automatically close after 30 more days of
inactivity. Reopen the issue with /reopen. Mark the issue as
fresh by adding the comment /remove-lifecycle stale.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Yes it does, check out the https://github.com/knative/docs/pull/5794. There are still open tasks to be resolved, but your work could be started from that.