Comments (3)
Thanks for reporting @KlavsKlavsen. These suggested settings were generated by the helm chart, but they aren't actually supported (I've never tested them). Yetibot requires write access for logging, at the very least. That can be disabled though.
Do you think it's an important feature? We could see if it works with logging disabled.
from yetibot.
@devth It is a HUGE security feature to make the process run as non-root. In OpenShift you aren't even allowed to run a docker instance that doesn't work running as not-root - and with good reason. Many docker/pod escapes only work if the process inside runs as root. So if this can be disabled, it greatly increases k8s security level for the pod (minimizing chance of escape greatly).
Here's one example: https://medium.com/@DahlitzF/run-python-applications-as-non-root-user-in-docker-containers-by-example-cba46a0ff384 (for a Python process - it's even simpler for a Go application :)
And as to readonlyfilesystem - the norm is to log to stdout/stderr - removing the need for logging to the filesystem - to avoid the need for write access (and hence an attack on code inside pod/container can't actually write anything to the container, which is often a huge part of subverting/attacking a service).
from yetibot.
The rolling log appender can be disabled. Looks like this config option wasn't documented, but I added it in yetibot/core@254da5c.
Agree on the standard to log to stdout/stderr in container environments. I just disabled it by default in the Helm chart: yetibot/yetibot-helm@988fd7d...a115098
Thanks for bringing up running as non root. Agree we should support this.
from yetibot.
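The two hardening points raised in this thread (run as non-root, read-only root filesystem) can be checked mechanically on a rendered pod spec. The following is an added example, not part of the thread or of Yetibot's Helm chart; the pod spec is constructed sample data, and `runAsNonRoot`, `runAsUser` and `readOnlyRootFilesystem` are the standard Kubernetes `securityContext` fields, assumed here to be the settings under discussion.

```python
import json

# Constructed sample pod spec (illustrative only, not Yetibot's chart output).
SAMPLE_POD_SPEC = json.loads("""
{
  "securityContext": {"runAsNonRoot": true, "runAsUser": 1000},
  "containers": [
    {"name": "bot",
     "securityContext": {"readOnlyRootFilesystem": true}},
    {"name": "sidecar",
     "securityContext": {"runAsUser": 0}}
  ]
}
""")


def audit_pod_spec(pod_spec):
    """Return {container_name: [findings]} for root / writable-rootfs risks."""
    pod_sc = pod_spec.get("securityContext") or {}
    containers = pod_spec.get("initContainers", []) + pod_spec.get("containers", [])
    report = {}
    for c in containers:
        sc = c.get("securityContext") or {}
        # runAsNonRoot / runAsUser: a container-level value overrides the pod-level one.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        findings = []
        if uid == 0:
            findings.append("runAsUser is 0 (root)")
        elif not non_root and uid is None:
            findings.append("may run as root: no runAsNonRoot and no non-zero runAsUser")
        # readOnlyRootFilesystem exists only at container level; no pod-level default.
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append("root filesystem is writable")
        report[c["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_pod_spec(SAMPLE_POD_SPEC).items():
        print(name, "OK" if not findings else findings)
```

The `sidecar` container shows why the per-container merge matters: its own `runAsUser: 0` overrides the pod-level UID, so a pod-level setting alone does not guarantee every container runs as non-root.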