I agree with you. The entrypoint script should be bundled in the image and documented in a way that users must be able to customize it.

Since you are already working on that PR, I'd suggest you make that change and I'll work with the image builders to accept that change.

On Fri, Jul 2, 2021 at 5:45 PM Ke Zhu <kzhu@us.ibm.com> wrote:
Ricardo,

Thanks for the reply.

Like what I asked in https://github.com/RedHatInsights/ubi-hive/issues/8#issuecomment-870040679 I’m aware of the guidelines of container images for OpenShift must support any UID and using GID 0.

I like the solution of providing username in /etc/passwd via an entrypoint.sh, the only problem is this entrypoint.sh is provided in another repo or any other repo that uses this UBI-hive.

According to my use case where it uses hive-metastore to store table schema and partitions info for Trino, I’m using the entrypoint.sh solution now, I wonder if it’s a good idea to provide such entrypoint.sh within the image itself, or at least document it that it needs to provide a username for the java process or it won’t function.

On Jul 2, 2021, at 10:00 AM, Ricardo Martinelli de Oliveira <rmartine@redhat.com> wrote:

This Message Is From an External Sender
This message came from outside your organization.
Hello Ke,

Can you share your use-case for the ubi-hive image? What problem are you facing?

When creating images to run on top of OpenShift, we follow some guidelines[1] to improve security in the deployments. Explicitly assigning a username is not a good practice because of the random UIDs that can be assigned to the container running on OpenShift, and thus adding an entry in /etc/passwd from an entrypoint script is the solution for processes that need a name assigned to a UID. Due to this, I think your change won't be accepted by the ubi-hive developers. That being said, though we use their image with Trino, they are not part of the ODH community.

Hope that helps.



On Thu, Jul 1, 2021 at 6:21 PM Ke Zhu <kzhu@us.ibm.com> wrote:
I’ve followed the comments of https://github.com/opendatahub-io/odh-images/issues/2 to use UBI images for both Hive and Trino. But don’t get any attention on https://github.com/RedHatInsights/ubi-hive/issues/8 nor https://github.com/RedHatInsights/ubi-hive/pull/9

So I wonder what’s the suggested way to update these images? 

_______________________________________________
Users mailing list -- users@lists.opendatahub.io
To unsubscribe send an email to users-leave@lists.opendatahub.io


-- 
Ricardo Martinelli De Oliveira
Senior Software Engineer, AI CoE

Red Hat Brazil

Av. Brigadeiro Faria Lima, 3900
8th floor
rmartine@redhat.com    T: +551135426125    
M: +5511970696531    



--

Ricardo Martinelli De Oliveira

Senior Software Engineer, AI CoE

Red Hat Brazil

Av. Brigadeiro Faria Lima, 3900

8th floor

rmartine@redhat.com    T: +551135426125    
M: +5511970696531