> I am not sure if the fix in
> https://github.com/apache/pulsar/commit/04b5da0f95794259694cc781e8960b7e52fac06b
> is sufficient.
Are you able to describe your concerns so that I can address them?
That commit resolves the upgrade issue because the secret is readable
by any user in the container. S
I am not sure if the fix in
https://github.com/apache/pulsar/commit/04b5da0f95794259694cc781e8960b7e52fac06b
is sufficient.
I would like to see there is at least one integration test that covers
running functions on k8s to ensure we don't break the basic stuff.
- Sijie
On Fri, Jan 7, 2022 at 9:5
> Is Functions being verified?
I discussed this a bit in PR 13376's description and comments, please
let me know if you have additional questions. I haven't done any extra
verification.
Note that since [0] is in both 2.8.x and 2.9.x, the upgrade scenario
that led us to revert the first non-root w
Is Functions being verified?
- Sijie
On Wed, Jan 5, 2022 at 11:26 AM Michael Marshall
wrote:
> PR 13376 is ready for review, PTAL.
>
> What approach should we take regarding docker image size?
> I propose providing a minimal image along with documentation
> on how to add your own debugging tool
PR 13376 is ready for review, PTAL.
What approach should we take regarding docker image size?
I propose providing a minimal image along with documentation
on how to add your own debugging tools. Is that sufficient?
I'd like to include this feature in 2.10.0.
Note that you can test the new docker
Thanks for raising this important topic, Enrico.
> Basically if you are running as non root, you cannot add tools on demand,
> so we need to add basic tools, like netstat/vim/unzip otherwise when
> you have a problem you are trapped.
I agree that running as a non root user presents challenges
Michael,
I would like to add this item to the list
https://github.com/apache/pulsar/pull/10815
Basically if you are running as non root, you cannot add tools on demand,
so we need to add basic tools, like netstat/vim/unzip otherwise when
you have a problem you are trapped.
there are ways to
> 1. Pulsar configuration is read in only from configuration files in
> `/pulsar/conf`. A non root user must be able to update these files to
> have run with custom configuration.
About the configurations, I also see similar require like this lately [0].
IMHO, update any configs without redeploy
All tests are now passing for this PR [0]. I built the docker image
and pushed it to my personal repository to simplify testing [1] for
anyone interested in verifying the changes.
I would like our docker image to be as close to immutable as possible.
As far as I can tell, here are the only reasons
Hi Pulsar Community,
I opened a PR to make our pulsar and pulsar-all docker images non root
and OpenShift compliant [0]. As some may remember, we had issues with
these changes before due to lack of testing. I plan to test thoroughly
before we merge this PR, and it'd be great to have others test to
10 matches
Mail list logo
