Image extension / fixes
under review
N
Navy Horse
A number of functionalities across the Harness product would benefit from key changes.
- Ability to review / extend the default Harness behaviours (IACM for example to allow additional cli tooling for use on self hosted k8s infrastructure)
- Stop reliance on the "home" folder for all operations - if the home user is not set correctly due to security restrictions and alternate users applied - this results in attempted root file system modification which renders the image useless
- Provide and publicize non-root users outside of key ranges for all functionality (over the reserved user ids up to 1000 at a minimum)
A number of the Harness current offerings do not work for us on our Openshift clusters due to security restrictions particularly with SE lInux contexts
Log In
Prateek Mittal
Hi Nate, Can you describe your use case and which harness component you are deploying on this infrastructure.
Thanks,
Prateek
N
Navy Horse
Prateek Mittal Almost any image that is used for the standard Harness steps, so - like Checkmarx One scan, IACM plugins etc etc, they all fail.
Canny AI
Merged in a post:
Docker Image Users
N
Navy Horse
All images used by the Harness platform should utilize their own non-root user outside of 0-1000 by default and not rely on the home folder of the user (this causes issues when utilizing the 'run as user' functionality if the user doesn't exist)
Using users inside of the 0-1000 range prevents secured infrastructures from using the harness default images and forces customization
Prateek Mittal
under review