Comments (12)
I want to do this task. @rmohr
from kubevirt.
I checked the haproxy container; it does not include the useradd and groupadd commands, so maybe it is better to leave it as it is, without adding some complex stuff.
@rmohr What do you think?
from kubevirt.
@rmohr are you sure about running the squid-proxy container as non-root? Because I tried to change the user to 'nobody' and this container won't start.
from kubevirt.
In general opening a network port less than 1000 requires root privileges. I haven't investigated deeply so that might not have anything to do with it, but it might explain why squid-proxy won't start, @bond95. If that's really what's afoot, then we might need to consider mapping ports as a workaround.
from kubevirt.
@cynepco3hahue @bond95 sorry missed your comments.
If it is too complicated, I would just leave the haproxy container out for now, since we want to switch over to the new aggregated API server soon, where we don't need the proxy anymore.
In general you will find a lot of containers which don't run as root, but they should not. Here is for instance what the haproxy apk does: https://git.alpinelinux.org/cgit/aports/tree/main/haproxy/haproxy.pre-install
I would just install the missing commands, create the user and uninstall them again in the same CMD.
@bond95 I have no idea of the limitations of 'nobody', or what haproxy needs. Do you have a log output?
from kubevirt.
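The approach suggested in the comment above (install the missing commands, create the user, remove the commands again in one build step), as an added sketch that is not code from the kubevirt repository. It assumes an Alpine-based image, where the `shadow` package provides `groupadd` and `useradd`; the base image, the `proxy` account, its IDs and the listen port are hypothetical.

```dockerfile
# Added example, not from the kubevirt repository.
# Assumptions: Alpine-based base image that already contains the proxy binary;
# the "proxy" account, UID/GID 1001 and port 8080 are illustrative values.
ARG BASE_IMAGE=alpine:3.19
FROM ${BASE_IMAGE}

# Install the account tools, create a dedicated system account, and remove the
# tools again in the same RUN instruction, so they never end up in an image layer.
RUN apk add --no-cache --virtual .usertools shadow \
 && groupadd --system --gid 1001 proxy \
 && useradd --system --uid 1001 --gid proxy \
            --no-create-home --shell /sbin/nologin proxy \
 && apk del .usertools

# Directories the service writes to must be owned by the new account,
# otherwise the process fails at startup once root is dropped.
RUN mkdir -p /var/run/proxy /var/log/proxy \
 && chown -R proxy:proxy /var/run/proxy /var/log/proxy

# Drop root for everything that follows, including the container entrypoint.
USER proxy

# An unprivileged process cannot bind a low (privileged) port by default.
# Listen on a high port inside the container and map the externally visible
# port to it at deploy time instead of keeping root just for bind().
EXPOSE 8080
```

The service's own configuration has to be changed to listen on the high port as well; the published or Service port can keep the original number.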
@rmohr not haproxy, but squid-proxy. Logs are empty, and I can't connect to the spice-proxy container with bash or shell, but from time to time it returns rpc error: code = 2 desc = Error response from daemon: {"message":"devmapper: Error activating devmapper device for '26edddfe909cb52e775760ecda031ca23ede63467b757181ca125757066c2223-init': devicemapper: Can't set cookie dm_task_set_cookie failed"}
from kubevirt.
@bond95 there seems to be a bug with devicemapper in centos, could you make sure that you rebase on latest master? We have added a workaround to our deploy scripts: #252
from kubevirt.
@rmohr Thanks for the information, I just did not pay attention to the fact that it is an Alpine image and not CentOS 😄
from kubevirt.
@rmohr Hi Roman, I have a question about the spice-squid container: why not move the Dockerfile (https://github.com/rmohr/docker-spice-squid/blob/master/Dockerfile) to the kubevirt repository?
from kubevirt.
We can do that. That would be great. I created it when we did not own the kubevirt namespace in Docker hub.
from kubevirt.
@rmohr Cool, I will create a patch for it.
from kubevirt.
I think everywhere where it makes sense for now, we achieved that.
from kubevirt.