Guilin Exception Request for CCSDK (AWX, Netbox containers run as root)
Name | @Dan Timoney |
Milestone or Requirements Exception? | Requirement |
Project or Requirement Name and JIRA |
Exception required for third party containers AWX and Netbox. |
Milestones affected | N/A
|
Projects affected | N/A
|
Background description | CDS uses third party provided docker containers for AWX and Netbox, which currently run as root. In the case of AWX, this appears to be a known limitation - there are open issues against AWX due to the fact that it must run as root. In the case of Netbox, we might be able to run as a non-root user via security context settings in the corresponding helm charts, but we did not have time in Guilin to test this methodology |
Schedule impact | N/A
|
Recovery plan | For AWX, we need to track progress in the AWX community to resolve their permission issues. For Netbox, we will pursue using security contexts to close this issue.
|
Milestone schedule change | N/A
|
Risk | There does not appear to be a viable path to running AWX as non-root without changes from the AWX community. |
Status | |
Decision |
