Hi,
as part of building the Hono Docker images we are currently creating a "hono" (system) user which we also use to run the container (by means of Dockerfile's USER hono). However, container orchestration platforms like OpenShift usually have their own means to prevent containers from being run as root, e.g. by creating a temporary user and running the container under that user (docker run --user UID:GID). In such cases we would probably interfere with such efforts, in particular when it comes to managing access to file system resources.
I therefore currently tend to remove the special "hono" user from our images and let the container orchestration platform take care of switching to a less privileged user (if required/wanted).
Any thoughts on that?
--
Mit freundlichen Grüßen / Best regards
Kai Hudalla
Chief Software Architect
Bosch Software Innovations GmbH
Ullsteinstraße 128
12109 Berlin
GERMANY
www.bosch-si.com
Registered Office: Berlin, Registration Court: Amtsgericht Charlottenburg; HRB 148411 B
Chairman of the Supervisory Board: Dr.-Ing. Thorsten Lücke; Managing Directors: Dr.-Ing. Rainer Kallenbach, Michael Hahn
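
The file system concern raised in the message above can be checked before an image ships. This is an added example, not part of the original e-mail or of Hono's build: it reports which paths in a tree a platform-assigned UID:GID could not write, using owner/group/other mode bits only. The function names and the sample tree are constructed, GNU stat is assumed, and ACLs, supplementary groups and root's override are ignored.

```shell
#!/bin/sh
# can_access PATH UID GID PERM   (PERM is r, w or x)
# Returns 0 if a process running as UID:GID would be granted PERM on PATH
# by the classic mode bits, 1 if not, 2 on a usage or stat error.
can_access() {
    ca_info=$(stat -c '%u %g %a' "$1") || return 2    # GNU stat format
    ca_uid=$2; ca_gid=$3
    case $4 in r) ca_want=4 ;; w) ca_want=2 ;; x) ca_want=1 ;; *) return 2 ;; esac
    set -- $ca_info                  # $1=owner uid, $2=owner gid, $3=octal mode
    ca_mode=$((0$3))                 # leading 0 makes the shell read it as octal
    if [ "$ca_uid" -eq "$1" ]; then
        ca_bits=$(( (ca_mode >> 6) & 7 ))   # caller is the owner
    elif [ "$ca_gid" -eq "$2" ]; then
        ca_bits=$(( (ca_mode >> 3) & 7 ))   # caller is in the owning group
    else
        ca_bits=$(( ca_mode & 7 ))          # caller is "other"
    fi
    [ $(( ca_bits & ca_want )) -ne 0 ]
}

# unwritable_for ROOT UID GID: print every path under ROOT that UID:GID cannot write.
unwritable_for() {
    find "$1" -print | while IFS= read -r uf_path; do
        can_access "$uf_path" "$2" "$3" w || printf '%s\n' "$uf_path"
    done
}

# Constructed demo: a tree owned by the current user (standing in for the
# image's dedicated user) checked against an identity that owns nothing in it
# (standing in for the UID:GID chosen by the platform).
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/logs"; : > "$d/app.conf"
    chmod 750 "$d" "$d/logs"; chmod 640 "$d/app.conf"
    uid=$(( $(stat -c %u "$d") + 1 )); gid=$(( $(stat -c %g "$d") + 1 ))
    echo "paths not writable by $uid:$gid:"
    unwritable_for "$d" "$uid" "$gid"
    rm -rf "$d"
}
demo
```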