flink-on-k8s-operator How to run the flink-operator-controller-manager as non root user?

How to run the flink-operator-controller-manager as non root user?

Open timsn opened this issue 4 years ago • 0 comments

If I set the securityContext for the flink-operator container inside the flink-operator-controller-manager to run as non-root user (or to drop all capabilites) the container fails to run with the following error:

ERROR   setup   Problem running manager {"error": "listen tcp :443: bind: permission denied"}
github.com/go-logr/zapr.(*zapLogger).Error
        /root/go/pkg/mod/github.com/go-logr/[email protected]/zapr.go:128
main.main
        /workspace/main.go:101
runtime.main
        /usr/local/go/src/runtime/proc.go:203

Is this a technical limitation that the flink-operator has to run an root? Or is there a way to make it possible to run it as a different user?

Here is one example securityContext I tried (I also tried other users):

securityContext:
  runAsNonRoot: true
  runAsUser: 1000

Thank you!

Jun 11 '21 15:06 timsn

flink-on-k8s-operator flink-on-k8s-operator copied to clipboard

How to run the flink-operator-controller-manager as non root user?

flink-on-k8s-operator
flink-on-k8s-operator copied to clipboard