UID of Ambassador image #391
Comments
|
Hey @pdmack, are you on the Ambassador Gitter channel? Seems like it might be useful to chat about this there... |
|
(Meant to comment, not close-and-comment. Sigh.) |
|
coming... |
|
Short version of the discussion we had on Gitter: for this to work, Ambassador needs to work when run as an arbitrary UID with GID 0. More information is here: https://blog.openshift.com/jupyter-on-openshift-part-6-running-as-an-assigned-user-id/ but the short version is that one can rely on group write permissions (how exactly it's "better" to rely on a known group than on a known user I'm not exactly sure ;) ). As an added bonus, fixing this should also fix #199. |
|
@kflynn I have environments by which I can test your PR when ready. At least for OpenShift. ;-) |
|
Collecting all three security issues under #457. |
Some Kube platforms such as OpenShift by default have restricted UID ranges for any new project or namespace, thus necessitating this Kubeflow troubleshooting note.
It would be great if the Ambassador image was modified similar to what the radanalytics.io project has done for some of its images.
/cc @mhausenblas
/cc @tmckayus
/cc @willb
The text was updated successfully, but these errors were encountered: