Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2020/06/09 16:17:43 UTC

[GitHub] [pulsar] grzegorz-moto opened a new issue #7210: unable to run on rootless kubernetess

grzegorz-moto opened a new issue #7210:
URL: https://github.com/apache/pulsar/issues/7210


   Trying to deploy to a (generic) Kubernetes cluster and following the documentation: http://pulsar.apache.org/docs/v1.22.0-incubating/deployment/Kubernetes/ to deploy ZooKeeper first, I'm getting an error because my cluster is configured to only allow images without a root user
   
   > Error: container has runAsNonRoot and image will run as root
   
   I tried to modify deployment zookeeper.yaml with
   ```
                   securityContext:
                     runAsUser: 1000
   ```
   building new Docker image using this simple Dockerfile:
   ```
   ```
   ```
   [conf/pulsar_env.sh] Applying config PULSAR_GC = " -XX:+UseG1GC -XX:MaxGCPauseMillis=10"
   [conf/pulsar_env.sh] Applying config PULSAR_MEM = " -Xms100m -Xmx256m "
   Traceback (most recent call last):
     File "bin/apply-config-from-env.py", line 73, in <module>
       f = open(conf_filename, 'w')
   IOError: [Errno 13] Permission denied: 'conf/pulsar_env.sh'
   ```
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [pulsar] sijie commented on issue #7210: unable to run on rootless kubernetess

Posted by GitBox <gi...@apache.org>.
sijie commented on issue #7210:
URL: https://github.com/apache/pulsar/issues/7210#issuecomment-641670242


   @jiazhai 
   
   https://github.com/apache/pulsar/commit/2df0e23d8b2bbbb57af1d3f1a0f8aa31b1a4af9b
   https://github.com/apache/pulsar/commit/e8aec22cfa8d96a8a1efe729ecaad9e6d5dedf38
   
   I think I made the changes back in 2018. Not sure why they were overwritten. You can use these two commits as references to fix the issue.


----------------------------------------------------------------



[GitHub] [pulsar] grzegorz-moto commented on issue #7210: unable to run on rootless kubernetess

Posted by GitBox <gi...@apache.org>.
grzegorz-moto commented on issue #7210:
URL: https://github.com/apache/pulsar/issues/7210#issuecomment-644197560


   Sure, I can file a PR with the Pulsar Docker change; however, it is just the first step to make it possible to deploy Pulsar in cluster user space. For example, pulsar_manager and other monitoring services seem to rely on the container root user and cluster admin privileges.


----------------------------------------------------------------



[GitHub] [pulsar] grzegorz-moto commented on issue #7210: unable to run on rootless kubernetess

Posted by GitBox <gi...@apache.org>.
grzegorz-moto commented on issue #7210:
URL: https://github.com/apache/pulsar/issues/7210#issuecomment-642030804


   Documentation is not a main issue here - the pulsar-all (and others) Docker image, created as is, won't be able to deploy to work in a rootless environment.
   As I stated before: the most trouble-making thing is the `VOLUME` statement (https://github.com/apache/pulsar/blob/master/docker/pulsar/Dockerfile#L65) which makes `/pulsar/conf` and `/pulsar/data` access permissions impossible to modify later on.
   Removing that line (or, better, replacing it with `RUN chmod -R a+w /pulsar/{conf,data}`) and rebuilding the Docker images made it possible to run services as a non-root user (id:1000).


----------------------------------------------------------------
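A narrower variant of the permission change described in the comment above, as an added example that is not part of the thread or of the Pulsar Dockerfile. The base image, UID 10000 and the stand-in install step are assumptions; only the `/pulsar/conf` and `/pulsar/data` paths and `conf/pulsar_env.sh` come from the thread.

```dockerfile
# Added example, not the project's Dockerfile.
# Assumed base image; any image with a POSIX shell and coreutils works.
FROM debian:bookworm-slim

# Stand-in for the steps that install Pulsar under /pulsar (assumption).
RUN mkdir -p /pulsar/conf /pulsar/data \
 && touch /pulsar/conf/pulsar_env.sh

# Hand the writable trees to group 0 and copy the owner's permission bits
# to the group. A non-root UID that runs with GID 0 can then rewrite
# conf/pulsar_env.sh at startup, and the tree is not world-writable as it
# would be with `chmod -R a+w`.
RUN chgrp -R 0 /pulsar/conf /pulsar/data \
 && chmod -R g=u /pulsar/conf /pulsar/data

# No VOLUME instruction: the thread reports that the VOLUME line is what
# kept these permissions from being changed later. Persistent storage is
# left to the volume mounts in the pod spec.

# Numeric UID (assumed value) with GID 0. The kubelet can only check
# runAsNonRoot against a numeric user, not a user name.
USER 10000:0
WORKDIR /pulsar
```

An image built this way declares a numeric non-root user, so it passes a `runAsNonRoot` check without a `runAsUser` override in the manifest.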



[GitHub] [pulsar] sijie commented on issue #7210: unable to run on rootless kubernetess

Posted by GitBox <gi...@apache.org>.
sijie commented on issue #7210:
URL: https://github.com/apache/pulsar/issues/7210#issuecomment-641669505


   @grzegorz-moto you were reading a pretty old version of Pulsar. Pulsar has already evolved to the 2.5.2 release. Can you please check the latest documentation http://pulsar.apache.org/docs/en/kubernetes-helm/?
   
   @jiazhai At the same time, we should look into redirecting the old versions of documentation to the newer version.


----------------------------------------------------------------



[GitHub] [pulsar] sijie commented on issue #7210: unable to run on rootless kubernetess

Posted by GitBox <gi...@apache.org>.
sijie commented on issue #7210:
URL: https://github.com/apache/pulsar/issues/7210#issuecomment-642138108


   @grzegorz-moto I see. Are you interested in contributing a bugfix to this issue?


----------------------------------------------------------------