openziti / ziti-browzer-bootstrapper

Apache License 2.0

Not starting as pod in kubernetes #279

Open marvkis opened 4 months ago

marvkis commented 4 months ago

Hi,

I'm trying to start the browzer-bootstrapper as a pod in a Kubernetes infrastructure.

It fails with this message on the console:

```
{"timestamp": "2024-06-23T06:46:54.187Z", "level": "info", "message":  "ZITI_BROWZER_BOOTSTRAPPER_LOG_PATH is null"}
/home/node/ziti-browzer-bootstrapper/index.js:921
    logger.error( e );
           ^

TypeError: Cannot read properties of undefined (reading 'error')
    at process.<anonymous> (/home/node/ziti-browzer-bootstrapper/index.js:921:12)
    at process.emit (node:events:513:28)
    at process._fatalException (node:internal/process/execution:149:25)
```

I based my Kubernetes deployment on dovholuknf's docker compose and set the user in the security context:

```yaml
  securityContext:
    fsGroup: 2171
    runAsGroup: 2171
    runAsUser: 1000
```

Initial investigation

Currently I assume it fails to initialize the logger - I think it fails to create the log folder here. It seems the permissions of the ziti-browzer-bootstrapper folder are wrong:

```
node@ziti-browzer-browzer-bootstrapper-65567b58f-tvmkc:~/ziti-browzer-bootstrapper$ ls -la
total 252
drwxr-xr-x 1 root root    142 Jun 14 23:59 .
drwxr-xr-x 1 node node     50 Jun 14 23:59 ..
drwxr-xr-x 1 node node    160 Jun 14 23:48 assets
-rw-r--r-- 1 node node  33548 Jun 14 23:48 index.js
drwxr-xr-x 1 node node    156 Jun 14 23:48 lib
drwxr-xr-x 1 node node  12804 Jun 14 23:58 node_modules
-rw-r--r-- 1 node node   2435 Jun 14 23:48 package.json
-rw-r--r-- 1 node node 211312 Jun 14 23:48 yarn.lock
-rwxr-xr-x 1 node node    352 Jun 14 23:48 zha-docker-entrypoint
```

. belongs to root/root and not node/node - so it can't create the log folder. I'm not sure if this folder is being used at all, as I have not been able to find any other references to logDir other than the creation of the folder.

Bye, Chris

qrkourier commented 4 months ago

:sewing_needle: https://github.com/openziti/helm-charts/issues/229

qrkourier commented 3 months ago

I'm unsure if this is still a problem because browZer has been under active development. It will be important to reproduce with the latest version if it's still a problem.

The bootstrapper runs as UID: 1000 by default, which has symbolic name "node" inside the container image. You can in theory run-as any UID, but you must set file owner or mode or both if you deviate from running as the default UID.
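
Added example, not part of the thread and not the project's code: a POSIX permission-class check applied to the `ls -la` output and `securityContext` quoted above, plus a fatal-error reporter that still prints when the logger was never created (the trace shows the handler at `index.js:921` throwing because `logger` is undefined). The names `canCreateIn`, `reportFatal`, `appDir` and `pod` are hypothetical, and the sample objects are constructed from the values in the issue.

```javascript
// Added example: why UID 1000 / GID 2171 cannot create a log folder in a
// directory listed as "drwxr-xr-x root root", and which owner/mode changes fix it.

const W = 2, X = 1; // write and search bits inside one rwx triplet

// True if a process with `cred` may create an entry inside `dir`.
// POSIX selects exactly ONE class (owner, else group, else other) and never
// falls through to a more permissive class.
function canCreateIn(dir, cred) {
  // Assumption: UID 0 keeps CAP_DAC_OVERRIDE and therefore bypasses mode bits.
  if (cred.uid === 0) return true;
  let triplet;
  if (cred.uid === dir.uid) {
    triplet = (dir.mode >> 6) & 7;                 // owner class
  } else if ([cred.gid, ...cred.groups].includes(dir.gid)) {
    triplet = (dir.mode >> 3) & 7;                 // group class
  } else {
    triplet = dir.mode & 7;                        // other class
  }
  // Creating a directory entry needs both write and search permission.
  return (triplet & (W | X)) === (W | X);
}

// "." from the issue's listing: drwxr-xr-x root root
const appDir = { uid: 0, gid: 0, mode: 0o755 };

// securityContext from the issue. fsGroup is added as a supplementary group;
// it changes ownership of mounted volumes, not of paths baked into the image.
const pod = { uid: 1000, gid: 2171, groups: [2171] };

// Fatal-error reporter that works before the logger has been initialized,
// so the original exception is not masked by a TypeError in the handler.
function reportFatal(err, logger, fallback = console) {
  const usable = logger && typeof logger.error === 'function';
  (usable ? logger : fallback).error(err);
  return usable ? 'logger' : 'fallback';
}

// Usage sketch (hypothetical wiring; `logger` may still be undefined here):
// process.on('uncaughtException', (e) => { reportFatal(e, logger); process.exit(1); });
```

With the values from the issue, `canCreateIn(appDir, pod)` is false; it becomes true if the directory is owned by UID 1000, or if it is group-owned by 2171 with mode 0775.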