-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch container image to nginx-unprivileged #20627
Conversation
Signed-off-by: Silvio Ankermann <silvio@booq.org>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks fine, though the port change means we need to communicate this in advance. Will talk to the app team about this.
Any news? This would make it possible to run in constrainted environments (e.g. OpenShift). |
According to the image docs
We can revert back to port 80 to minimise the migration risk or provide two versions of the image as per your suggestion
|
|
1 similar comment
|
Thanks for the contribution, and sorry for letting this sit for two years without progress. I talked to the team about this today, and we aren't happy to land it as-is, due to the fact it changes behaviour in an incompatible way. As an alternative, I've created #28849 which I hope will achieve the same result without breaking backwards compatibility,. |
This is another take on #17927 which was reverted in #17990. I'm approaching this by using the alpine version of the [official nginx-unprivileged image]
Fixes #25926
(https://hub.docker.com/r/nginxinc/nginx-unprivileged) which uses port 8080 by default.
Why use an unprivileged container?
Changes in this PR:
nginxinc/nginx-unprivileged
/app
8080
I understand that there might be concern that changing the container port could break existing deployments. I can see multiple ways to deal with this:
v1.9.9
andv1.9.9-unprivileged
. Optionally, there could be a deprecation phase after which there won't be any root-versions anymore.This PR currently has none of the required changelog labels.
A reviewer can add one of:
T-Deprecation
,T-Enhancement
,T-Defect
,T-Task
to indicate what type of change this is, or addType: [enhancement/defect/task]
to the description and I'll add them for you.