Closed NathalieNX closed 3 years ago
Hi @NathalieNX, Thanks for raising this issue but I need some details about the context:
Thanks for the questions :
charts/meilisearch/Chart.yaml
) $ kubectl exec -it test-ms-local-meilisearch-0 -- sh
/ # ls -la
total 301348
drwxr-xr-x 1 root root 4096 May 10 16:09 .
drwxr-xr-x 1 root root 4096 May 10 16:09 ..
-rwxr-xr-x 1 root root 0 May 10 16:09 .dockerenv
drwxr-xr-x 2 root root 4096 Apr 23 2020 bin
drwxr-xr-x 4 root root 4096 May 10 16:09 data.ms
drwxr-xr-x 5 root root 360 May 10 16:09 dev
drwxr-xr-x 1 root root 4096 May 10 16:09 etc
drwxr-xr-x 2 root root 4096 Apr 23 2020 home
drwxr-xr-x 1 root root 4096 Apr 23 2020 lib
drwxr-xr-x 5 root root 4096 Apr 23 2020 media
-rwxr-xr-x 1 root root 308505312 Feb 9 15:01 meilisearch
drwxr-xr-x 2 root root 4096 Apr 23 2020 mnt
drwxr-xr-x 2 root root 4096 Apr 23 2020 opt
dr-xr-xr-x 218 root root 0 May 10 16:09 proc
drwx------ 1 root root 4096 May 11 09:59 root
drwxr-xr-x 1 root root 4096 May 10 16:09 run
drwxr-xr-x 1 root root 4096 Feb 9 15:02 sbin
drwxr-xr-x 2 root root 4096 Apr 23 2020 srv
dr-xr-xr-x 13 root root 0 May 10 16:09 sys
drwxrwxrwt 2 root root 4096 Apr 23 2020 tmp
drwxr-xr-x 1 root root 4096 Apr 23 2020 usr
drwxr-xr-x 11 root root 4096 Apr 23 2020 var
I hope this helps, please tell me if you need more details.
Hi @NathalieNX,
Thanks for your info. Everything looks good to me. meilisearch
will never need root rights to run just write rights.
So I guess the problem came from the fact that in Openshift the image is built as root and needs to run as the root user.
But I suppose recommended best practice is to avoid containers that need to run as root.
Hope this will help you
I'm closing this issue because it is outdated. Feel free to reopen it if you need it.
We are using Openshift, and none of the pods have root access (for security reasons). This means the line in the Dockerfile
CMD ["/bin/sh" "-c" "./meilisearch"]
fails with messageError: Permission denied (os error 13)
, and the meilisearch fails with aCrashLoopBackoff
error.We were able to reproduce this behavior by creating a debug pod and running the command with the same result :
Do you know why root access is needed for this operation ? Do you know of any workarounds ? Thanks in advance.