From fbb841ba8ea8459e981616b1f8f2733281ee6ab0 Mon Sep 17 00:00:00 2001 From: Rishi <117034340+jokestax@users.noreply.github.com> Date: Thu, 6 Feb 2025 21:23:58 +0530 Subject: [PATCH] fix: update Containerfile.controlplane to include the correct binary and run as non-root (#313) ## Description: This PR addresses the issue related to the missing `manager` binary in the Dockerfile and an error encountered due to user permissions in the `deployment.yaml`. 1. **Dockerfile Update:** - The correct binary for `manager` has been added to the Dockerfile as expected in [line 38 of the deployment config](https://github.com/kubernetes-sigs/blixt/blob/427839a319483f958001ba47fa6b073a08ee7755/config/manager/manager.yaml). 2. **Deployment Update:** - Added `runAsUser: 1000` to the `deployment.yaml` to resolve the permission error shown below: ![Permission Error](https://github.com/user-attachments/assets/a7ad7d15-0175-442a-bb0e-d94c4d0563fb) ## Testing To test this change: 1. Clone the repository. 2. Run `make build.image.controlplane`. 3. Create a Kubernetes cluster using either Kind or K3d. 4. Run `kubectl apply -k config/default` to deploy the changes. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- build/Containerfile.controlplane | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/build/Containerfile.controlplane b/build/Containerfile.controlplane index 68d88dcf..3f594301 100644 --- a/build/Containerfile.controlplane +++ b/build/Containerfile.controlplane @@ -1,16 +1,28 @@ FROM --platform=$BUILDPLATFORM tonistiigi/xx AS xx-tools -FROM --platform=$BUILDPLATFORM rust:alpine -ARG TARGETPLATFORM -ARG PROJECT_DIR=/workspace -ARG BUILD_DIR=$PROJECT_DIR/build +FROM --platform=$BUILDPLATFORM rust:alpine AS builder RUN apk add --no-cache clang lld -COPY --from=xx-tools / / WORKDIR /workspace + +COPY --from=xx-tools / / + +ARG TARGETPLATFORM +ARG PROJECT_DIR=/workspace +ARG BUILD_DIR=$PROJECT_DIR/build + RUN --mount=type=bind,source=../controlplane/src/,target=src \ --mount=type=bind,source=../controlplane/Cargo.toml,target=Cargo.toml \ --mount=type=bind,source=../controlplane/Cargo.lock,target=Cargo.lock \ xx-cargo build --release --target-dir $BUILD_DIR && \ xx-verify ./build/$(xx-cargo --print-target-triple)/release/controller + +RUN cp ./build/$(xx-cargo --print-target-triple)/release/controller /workspace/manager + +FROM alpine:latest + +WORKDIR / + +USER 1000:1000 +COPY --from=builder /workspace/manager /manager