Add a non-root image? #172
Comments
cimnine
added
discussion
|
I had to work around this when deploying to a corporate Kubernetes that would not allow images to run as root. Fortunately it was relatively easy to build an image that ran as non-root, and the only issues I ran in to were file system permissions (as mentioned in slack). The first part of fixing it was changing the owner of the netbox folders in /opt and /etc. The only other adjustment I had to make was where the error log was pointing to in the gunicorn configuration file. Rather than deal with any unintended consequences of changing the ownership of /var/log, I moved this to a different location. I'd definitely be interested in an official build for this as it would streamline things immensely in more restrictive environments. |
cimnine
added
help wanted
|
Really happy to see that more people want this. I see @cimnine is also already working on the topic. Thanks a lot for that! |
|
Same problem here. A simple Dockerfile like did the trick for me. |
Hi,
I initially asked in slack why netbox runs as root in the container.
You can find my message and the related thread here: https://networktocode.slack.com/archives/CD23LP8BC/p1571897479036500
TL;DR:
Netbox runs as root inside the container, which is a security risk. Docker can remap host user-id's to container user-id's, via user namespaces. But Kubernetes (which is most likely used in production) does not support this at the moment.
Because of that @cimnine proposed to start a variant of the netbox-container, like with
-ldap.This issue should be seen as a feature-request for the netbox-container.
Also, @cimnine and me wanted to see if this is interesting for more people, to see if it is worth it.
The text was updated successfully, but these errors were encountered: