31z4 / zookeeper-docker

Docker image packaging for Apache Zookeeper
MIT License

Running zookeeper container as `1010` user #125

Open amrit-35 opened 3 years ago

amrit-35 commented 3 years ago

I am trying to run the zookeeper:latest container in Kubernetes as the 1010 user, using the following statefulset.yaml:

```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: zookeeper
  namespace: default
spec:
  podManagementPolicy: Parallel
  replicas: 1
  selector:
    matchLabels:
      app: zookeeper
  serviceName: zookeeper-headless
  template:
    metadata:
      labels:
        app: zookeeper
      name: zookeeper
    spec:
      containers:
      - command:
        - bash
        - -ec
        - |
          ORD=$(echo `hostname -s` | sed 's/[^0-9]//g')
          export ZOO_MY_ID=$((ORD + 1 ))
          /docker-entrypoint.sh
          zkServer.sh start-foreground
        env:
        - name: ALLOW_ANONYMOUS_LOGIN
          value: "yes"
        - name: ZOO_SERVERS
          value: server.1=zookeeper-0.zookeeper-headless.default.svc.cluster.local:2888:3888;2181
        - name: ZOO_4LW_COMMANDS_WHITELIST
          value: srvr, mntr, ruok
        image: zookeeper
        imagePullPolicy: IfNotPresent
        livenessProbe:
          exec:
            command:
            - /bin/bash
            - -c
            - echo "ruok" | timeout 2 nc -w 2 localhost 2181 | grep imok
          failureThreshold: 6
          initialDelaySeconds: 30
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        name: zookeeper
        ports:
        - containerPort: 2181
          name: client
          protocol: TCP
        - containerPort: 2888
          name: follower
          protocol: TCP
        - containerPort: 3888
          name: election
          protocol: TCP
        readinessProbe:
          exec:
            command:
            - /bin/bash
            - -c
            - echo "ruok" | timeout 2 nc -w 2 localhost 2181 | grep imok
          failureThreshold: 6
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        resources:
          limits:
            memory: 1Gi
          requests:
            cpu: 10m
            memory: 1Gi
      restartPolicy: Always
      securityContext:
        fsGroup: 1010
        runAsGroup: 1010
        runAsUser: 1010
```

Expected behavior

Start the zookeeper as the 1010 user; user 1000 seems to work perfectly fine.

Actual behavior

Fails to start with the following error:

```
/docker-entrypoint.sh: line 43: /conf/zoo.cfg: Permission denied
```

Steps to reproduce the behavior

Use the above YAML to deploy in any k8s cluster.

System configuration

Windows 10, any k8s cluster

wood-j commented 1 year ago

Same issue in zookeeper:3.7.0 arm64.