Running zookeeper container as 1010 user #125
Description
I am trying to run the zookeeper:latest container in kubernates as 1010 user, using the following statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: zookeeper
namespace: default
spec:
podManagementPolicy: Parallel
replicas: 1
selector:
matchLabels:
app: zookeeper
serviceName: zookeeper-headless
template:
metadata:
labels:
app: zookeeper
name: zookeeper
spec:
containers:
- command:
- bash
- -ec
- |
ORD=$(echo `hostname -s` | sed 's/[^0-9]//g')
export ZOO_MY_ID=$((ORD + 1 ))
/docker-entrypoint.sh
zkServer.sh start-foreground
env:
- name: ALLOW_ANONYMOUS_LOGIN
value: "yes"
- name: ZOO_SERVERS
value: server.1=zookeeper-0.zookeeper-headless.default.svc.cluster.local:2888:3888;2181
- name: ZOO_4LW_COMMANDS_WHITELIST
value: srvr, mntr, ruok
image: zookeeper
imagePullPolicy: IfNotPresent
livenessProbe:
exec:
command:
- /bin/bash
- -c
- echo "ruok" | timeout 2 nc -w 2 localhost 2181 | grep imok
failureThreshold: 6
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: zookeeper
ports:
- containerPort: 2181
name: client
protocol: TCP
- containerPort: 2888
name: follower
protocol: TCP
- containerPort: 3888
name: election
protocol: TCP
readinessProbe:
exec:
command:
- /bin/bash
- -c
- echo "ruok" | timeout 2 nc -w 2 localhost 2181 | grep imok
failureThreshold: 6
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
resources:
limits:
memory: 1Gi
requests:
cpu: 10m
memory: 1Gi
restartPolicy: Always
securityContext:
fsGroup: 1010
runAsGroup: 1010
runAsUser: 1010
Expected behavior
start the zookeeper as 1010 user, user 1000 seems to work perfectly fine.
Actual behavior
Fails to start with following error
/docker-entrypoint.sh: line 43: /conf/zoo.cfg: Permission denied
Steps to reproduce the behavior
use the above yaml to and deploy in any k8s cluster
System configuration
windows 10
any k8s cluster