Comments (10)
This is view from inside the container:
root 1 0.0 0.0 1228052 4240 ? Ssl 08:19 0:00 /start web
herokui+ 14 0.0 0.9 1171488 73588 ? Sl 08:19 0:00 npm start
herokui+ 165 0.0 0.0 2892 960 ? S 08:20 0:00 sh -c node index.js
herokui+ 166 0.0 0.6 992052 50476 ? Sl 08:20 0:00 node index.js
root 199 0.0 0.0 4628 3908 pts/0 Ss 08:31 0:00 bash
root 212 0.0 0.0 7064 1604 pts/0 R+ 08:31 0:00 ps aux
from dokku.
Regarding herokuish, its probably possible to change things to be as you said without any drawbacks. Dokku doesn't necessarily require root permissions at runtime - build processes within the container might, but thats a separate conversation.
If you have a specific set of changes you'd like to see done, the changes are probably split between the herokuish repo - to change the default CMD on the herokuish images for instances - and here in Dokku. Could you outline specific changes you'd want to see, and are you interested in contributing those changes?
from dokku.
The goal is to have rootless Dokku/Herokuish containers compatible with PSS (at Kubernetes). It's beneficial for Docker containers, too.
I am reviewing what exactly Herokuish images require to change. I'm happy to participate/contribute.
from dokku.
So I've checked the herokuish
what exactly does it - do you want me to keep this posted here or as a separate bug request under herokuish repo?
The app containers built by the herokuish buildpacks should be immutable. Currently, they are not.
I have a set of changes to propose. Some of them are currently in my copy of the repo :)
from dokku.
Mind if we take this conversation to slack or discord? Might be better to coordinate there before committing to any larger changes :)
from dokku.
Mind if we take this conversation to slack or discord? Might be better to coordinate there before committing to any larger changes :)
Yeah, the link to Slack gives me CF error:
Error 1014 Ray ID: 85b171c738c241de • 2024-02-25 16:49:56 UTC
CNAME Cross-User Banned
from dokku.
Looks like the provider we use for the inviter broke recently. I'll fix our invite link this week if they can't, but mind trying discord for now?
from dokku.
I also sent you an invite manually to the email on your github account to the slack.
from dokku.
I also sent you an invite manually to the email on your github account to the slack.
Cool, thanks. Joined.
from dokku.
Part of this is implemented here, but I think the big ask here by @taraszka is to ensure we can enable Kubernetes PSP on a cluster. Most of the work should happen downstream in herokuish here so I'm going to close this for now.
That said, if there are specific things we can/should enable, please file a ticket for those. "Rootless containers" is pretty big and vague, and I'd rather avoid this kind of ticket since they tend to run for a long time without any clear path to resolution.
from dokku.
Related Issues (20)
- End phase of deploy: Unable to rename container HOT 18
- Unable to update from version 0.19.9
- Dokku reports "zero downtime is disabled" when it is in fact enabled HOT 12
- Cannot destroy an old app with a colon in the name HOT 6
- Cron jobs failing with setuidgid: fatal: unable to run --: file does not exis HOT 2
- Worker automatically exit after some time without restarting HOT 2
- Dokku website not reachable from ipv6-only machine HOT 9
- Log tailing with `dokku logs -t [<app>]` failed to display latest log output HOT 10
- --force-tty cannot be used with run:detached HOT 1
- k3s scheduler: ability to add extra labels HOT 3
- Supporting `underscores_in_headers` nginx property
- logrotate of vector-logs permission denied on log sink file HOT 5
- How to Host Express Server With Static Files Served From NGINX? HOT 1
- `cron:set` is not a dokku command HOT 4
- dokku buildpacks:remove my-special-app --index 1 doesn't seem to work HOT 3
- git:from-image does not update the image in /var/lib/dokku/data/git/appName/Dockerfile HOT 9
- Clarify ssh-keys commands to run when adding ssh keys in docker-based installation HOT 1
- Clarify in k3s documentation that a registry is required HOT 4
- `git:sync` fails with “trying to write non-commit object” HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dokku.