krakend/krakend-documentation

k8s related docs

samstride opened this issue · 0 comments

Hi,

Few things I noticed about k8s docs that probably needs to be reviewed/updated.

https://www.krakend.io/docs/deploying/kubernetes/ states that UID 1000 needs to be used. However, the docker build guideline does not set the user. I think we should add the appropriate USER to the Dockerfile. Otherwise with a k8s PSA of restricted the container runs into permission errors.

FROM devopsfaith/krakend:2.3.2 as builder
ARG ENV=prod

USER 1000
.
.
.

Next, NET_BIND_SERVICE is only needed if ports <1024 are used. I think with security in mind, I think that privilege needs to be dropped.

Thanks.