APISIX and APISIX-ingress containers to work without anyuid SCC#612
APISIX and APISIX-ingress containers to work without anyuid SCC#612Vishva066 wants to merge 1 commit intoapache:masterfrom
Conversation
…APISIX to run in Openshift instead of anyuid command
|
Hi @Vishva066, do Dockerfiles for other image types need to be modified? |
|
Yes for the other os also it needs to be updated. I thought this is the mostly used docker files so I updated it first. I can also update the other docker files also |
|
This pull request has been marked as stale due to 60 days of inactivity. It will be closed in 4 weeks if no further activity occurs. If you think that's incorrect or this pull request should instead be reviewed, please simply write any comment. Even if closed, you can still revive the PR at any time ordiscuss it on the dev@apisix.apache.org list. Thank you for your contributions. |
|
Hi @Vishva066, following up on the previous comments. Please let us know if you have any updates. Thank you. |
|
I can complete it over the weekend for other OS also |
2 participants
This pull request improves the security and consistency of the Docker images by updating user and group permissions for the
apisixdirectory in both thedebiananddebian-devDockerfiles.The main changes ensure that the container runs as a non-root user and that directory permissions are set appropriately for group access.
Dockerfile permission and user management updates:
/usr/local/apisixto group ID 0 and set group permissions to match user permissions, improving compatibility with OpenShift and similar environments (debian/Dockerfile,debian-dev/Dockerfile). [1] [2]debian-dev/Dockerfile, explicitly added creation of theapisixsystem group and user, set ownership and permissions for/usr/local/apisix, and switched to running the container as theapisixuser.This PR closes #611