You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zeppelin.apache.org by "Thomas Decaux (Jira)" <ji...@apache.org> on 2022/06/03 08:59:00 UTC
[jira] [Created] (ZEPPELIN-5747) Docker image is missing a zeppelin user
Thomas Decaux created ZEPPELIN-5747:
---------------------------------------
Summary: Docker image is missing a zeppelin user
Key: ZEPPELIN-5747
URL: https://issues.apache.org/jira/browse/ZEPPELIN-5747
Project: Zeppelin
Issue Type: Improvement
Components: docker
Affects Versions: 0.10.1
Reporter: Thomas Decaux
h3. Problem
The Docker image dont define any user.
Run as "no root" is a best practice to run container, especially on kubernetes with securityContext, such as :
{code:java}
podSecurityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000 {code}
Zeppelin will run fine, but spark will not:
{code:java}
org.apache.hadoop.security.KerberosAuthException: failure to login: javax.security.auth.login.LoginException: java.lang.NullPointerException: invalid null input: name
at com.sun.security.auth.UnixPrincipal.<init>(UnixPrincipal.java:71) {code}
h3. Solution
The Dockerfile should create a "zeppelin" user, with home = "/opt/zeppelin", uid = 1000
h3. Workaround
On kubernetes, it's possible to share a volume mounted as /etc/passwd and use an initContainer to add the user.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)