Skip to content

Commit

Permalink
fix: updated rock with new non-root user config
Browse files Browse the repository at this point in the history
canonical/seldon-core-operator#133

Summary of changes:
- Updated rockcraft.yaml with new run-user option to run as non-root.
- Updated import procedure.
  • Loading branch information
Ivan Chvets committed Jun 14, 2023
1 parent db62370 commit dc8a38a
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 14 deletions.
14 changes: 1 addition & 13 deletions seldon-core-operator/rockcraft.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -14,12 +14,12 @@ version: v1.15.0_22.04_1 # version format: <KF-upstream-version>_<base-version>_
license: Apache-2.0
build-base: ubuntu:22.04
base: bare
run-user: _daemon_
services:
seldon-core:
override: replace
summary: "seldon-core service"
startup: enabled
user: ubuntu
command: "/manager --enable-leader-election --webhook-port 4443"
platforms:
amd64:
Expand Down Expand Up @@ -99,18 +99,6 @@ parts:
wget -qO mitchellh-gox.tar.gz https://github.com/mitchellh/gox/archive/master.tar.gz
wget -qO mozilla-tls-observatory.tar.gz https://github.com/mozilla/tls-observatory/archive/master.tar.gz
non-root-user:
plugin: nil
overlay-script: |
# Create a user in the $CRAFT_OVERLAY chroot
mkdir -p $CRAFT_OVERLAY/etc
chmod 755 $CRAFT_OVERLAY/etc
groupadd -R $CRAFT_OVERLAY -g 1001 ubuntu
useradd -R $CRAFT_OVERLAY -M -r -u 1001 -g ubuntu ubuntu
override-prime: |
craftctl default
chown -R 1001:1001 tmp/operator-resources
security-team-requirement:
plugin: nil
after: [seldon-core-operator, mpl-deps]
Expand Down
2 changes: 1 addition & 1 deletion seldon-core-operator/tox.ini
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ commands =
print(CheckRock("rockcraft.yaml").get_version())'\'') && \
sudo skopeo --insecure-policy copy oci-archive:$ROCK.rock docker-daemon:$ROCK:$VERSION && \
docker save $ROCK > $ROCK.tar && \
microk8s ctr image import $ROCK.tar && \
microk8s ctr image import $ROCK.tar --digests=true && \
# replace upstream-source with local ROCK image \
yq e -i ".resources.oci-image.upstream-source=\"$ROCK:$VERSION\"" {env:LOCAL_CHARM_DIR}/metadata.yaml'
# run charm integration test with rock
Expand Down

0 comments on commit dc8a38a

Please sign in to comment.