change Docker image to run as nonroot for k8s clusters restricting to runAsNonRoot#515
change Docker image to run as nonroot for k8s clusters restricting to runAsNonRoot#515
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughBoth Dockerfiles were changed to set file ownership during copy and to run subsequent stages as non-root users. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@operator/Dockerfile.alpine`:
- Around line 18-23: The COPY step copies /operator-build/workspace to
/autoinstrumentation as root, then USER 65534:65534 is set and RUN chmod -R go+r
/autoinstrumentation will fail; fix by either adding --chown=65534:65534 to the
COPY --from=build /operator-build/workspace /autoinstrumentation command so
files are owned by UID:GID 65534, or move the RUN chmod -R go+r
/autoinstrumentation before the USER 65534:65534 line (ensuring the chmod runs
as root).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 41470151-8417-47cf-ad36-8ac447605581
📒 Files selected for processing (2)
operator/Dockerfileoperator/Dockerfile.alpine
2 participants
Refs: elastic/elastic-otel-node#1398