search

graphite-project / graphite-web

A highly scalable real-time graphing system
http://graphite.readthedocs.org/
Apache License 2.0
5.88k stars 1.26k forks source link

Unable to run Graphite without root privlidges #2764

Closed jacksbarry closed 1 year ago

jacksbarry commented 2 years ago

We're trying to run graphite in an environment where we don't have root privileges. This is a security constraint that we have. We are using k8s and setting our readOnlyRootFileSystem to true which causes all the issues.

This can be reproduced by setting the readOnlyRootFileSystem to true when deploying to k8s.

We would expect Graphite to be able to run without root permissions.

Environment Ubuntu 20.04.2 LTS (Focal Fossa) Graphite 1.1.7-6

deniszh commented 2 years ago

Hi @jacksbarry

This repo contains no docker image, so, I think you mean https://github.com/graphite-project/docker-graphite-statsd. But docker-graphite-statsd running all components in same image, so, contains init.d-like demon which starts other processes and kinda require super privileges.

We had issue about that, but as I said unfortunately image need to be split to run separate components of Graphite. I had no intention to spend time on that split image project, but we will accept PRs if you want to implement that.

Another option - you can use same image as base but create set of images which will start required components of Graphite w/o root privileges.

deniszh commented 2 years ago

Added more clarification to README - https://github.com/graphite-project/docker-graphite-statsd#about-root-process

stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.