docker-builds

Use uid 2000, not 1000, for GKE compatibility

Open smcgivern opened this issue 1 year ago • 3 comments

On GCP (and hence GKE), user IDs in the range 2000 to 4999 are available for custom users: https://cloud.google.com/container-optimized-os/docs/how-to/create-configure-instance#using_cloud-init_with_the_cloud_config_format

Choose an ID from the [2000, 4999] range to avoid collision with other user accounts.

This lets us use runAsNonRoot / runAsUser in a Kubernetes deployment, and I don't think (I hope?) most people won't care that the user ID changed.

Happy to just do this ourselves if we need to, but I figured it was worth a try upstream 🙂

smcgivern, Sep 20 '24 09:09
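For reference, a Deployment using the runAsNonRoot / runAsUser settings mentioned in the post above. This is an added example, not part of the thread or of the docker-builds project; the resource names, image reference and group ID are placeholders, and it assumes the image's user has been moved to uid 2000.

```yaml
# Added example: names, image reference and gid are placeholders (assumptions).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: example-app
  template:
    metadata:
      labels:
        app: example-app
    spec:
      securityContext:
        # The kubelet refuses to start a container that would run as UID 0.
        runAsNonRoot: true
        # Numeric UID inside the [2000, 4999] range quoted in the issue.
        # Setting it explicitly also lets the kubelet verify non-root even
        # when the image's USER is a name rather than a number.
        runAsUser: 2000
        # Assumption: a matching group ID exists in the image.
        runAsGroup: 2000
      containers:
        - name: app
          image: registry.example.invalid/example-app:placeholder
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
```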

CLA assistant check
All committers have signed the CLA.

CLAassistant, Sep 20 '24 10:09

My impression is that whichever we use, we are outside of some providers' acceptable ranges, but I'll do some more research here.

robholland, Sep 26 '24 16:09

Yes, frustratingly I can't actually find a good list - even GCP doesn't have this documented particularly well.

smcgivern, Sep 30 '24 14:09

I'm going to mark this wontfix for now, I don't think there is a safe range that works on all providers.

robholland, Oct 17 '24 16:10