From 01941d6b2a6be6ff7ceb66840bbe24e27940c27c Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Tue, 10 Nov 2020 09:27:44 -0800 Subject: [PATCH] Run Tilt containers as root because live-reload breaks otherwise --- hack/lib/tilt/concierge.Dockerfile | 4 +++- hack/lib/tilt/local-user-authenticator.Dockerfile | 4 +++- hack/lib/tilt/supervisor.Dockerfile | 4 +++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/hack/lib/tilt/concierge.Dockerfile b/hack/lib/tilt/concierge.Dockerfile index 4ff460fa..c2927bdf 100644 --- a/hack/lib/tilt/concierge.Dockerfile +++ b/hack/lib/tilt/concierge.Dockerfile @@ -11,7 +11,9 @@ COPY build/pinniped-concierge /usr/local/bin/pinniped-concierge EXPOSE 8443 # Run as non-root for security posture -USER 1001:1001 +# Commented out because it breaks the live-reload feature of Tilt. See https://github.com/tilt-dev/tilt/issues/2300 +# Be aware that this creates a significant difference between running with Tilt and running otherwise. +#USER 1001:1001 # Set the entrypoint ENTRYPOINT ["/usr/local/bin/pinniped-concierge"] diff --git a/hack/lib/tilt/local-user-authenticator.Dockerfile b/hack/lib/tilt/local-user-authenticator.Dockerfile index 548328fa..b63a212a 100644 --- a/hack/lib/tilt/local-user-authenticator.Dockerfile +++ b/hack/lib/tilt/local-user-authenticator.Dockerfile @@ -11,7 +11,9 @@ COPY build/local-user-authenticator /usr/local/bin/local-user-authenticator EXPOSE 8443 # Run as non-root for security posture -USER 1001:1001 +# Commented out because it breaks the live-reload feature of Tilt. See https://github.com/tilt-dev/tilt/issues/2300 +# Be aware that this creates a significant difference between running with Tilt and running otherwise. +#USER 1001:1001 # Set the entrypoint ENTRYPOINT ["/usr/local/bin/local-user-authenticator"] diff --git a/hack/lib/tilt/supervisor.Dockerfile b/hack/lib/tilt/supervisor.Dockerfile index a9d7a369..c47e2f23 100644 --- a/hack/lib/tilt/supervisor.Dockerfile +++ b/hack/lib/tilt/supervisor.Dockerfile @@ -11,7 +11,9 @@ COPY build/pinniped-supervisor /usr/local/bin/pinniped-supervisor EXPOSE 8080 8443 # Run as non-root for security posture -USER 1001:1001 +# Commented out because it breaks the live-reload feature of Tilt. See https://github.com/tilt-dev/tilt/issues/2300 +# Be aware that this creates a significant difference between running with Tilt and running otherwise. +#USER 1001:1001 # Set the entrypoint ENTRYPOINT ["/usr/local/bin/pinniped-supervisor"]