docker-ejtserver
Run completely without the need of root privileges
Support guidelines
- [X] I've read the support guidelines
I've found a bug and checked that ...
- [X] ... the documentation does not mention anything about my problem
- [X] ... there are no open or closed issues that are related to my problem
Description
I want to spin up a license server on our Kubernetes cluster (and on my local minikube dev platform), without the need of running the container as root user. All seems to work fine until the "Fixing perms..." step, where a permission error appeared.
Expected behaviour
I thought that it should be possible to run your container without the need of root privileges, because the README said so.
Actual behaviour
See description for error message :D
Steps to reproduce
You should be able to reproduce this very easily by using this sample deployment:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: "ejtserver-reproducer"
  labels:
    app: "ejtserver-reproducer"
spec:
  selector:
    matchLabels:
      app: "ejtserver-reproducer"
  template:
    metadata:
      labels:
        app: "ejtserver-reproducer"
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
      containers:
        - name: "ejtserver-reproducer"
          image: "crazymax/ejtserver:1.16.2"
          imagePullPolicy: IfNotPresent
          env:
            - name: TZ
              value: "Europe/Berlin"
          resources:
            limits:
              cpu: "100m"
              memory: 200Mi
            requests:
              cpu: "100m"
              memory: 50Mi
          ports:
            - name: license-server
              containerPort: 11862
              protocol: TCP
```
Docker info
```text
Client: Docker Engine - Community
 Version: 25.0.2
 Context: default
 Debug Mode: false

Server:
 Containers: 92
  Running: 33
  Paused: 0
  Stopped: 59
 Images: 63
 Server Version: 24.0.7
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc io.containerd.runc.v2
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8e4b0bde866788eec76735cc77c4720144248fb7
 runc version: ccaecfcbc907d70a7aa870a6650887b901b25b82
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
 Kernel Version: 5.10.57
 Operating System: Buildroot 2021.02.12
 OSType: linux
 Architecture: x86_64
 CPUs: 6
 Total Memory: 5.789GiB
 Name: minikube
 ID: 85a2161d-8389-413c-be4a-b7201c5055e7
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Labels:
  provider=hyperkit
 Experimental: false
 Insecure Registries:
  10.96.0.0/12
  127.0.0.0/8
 Live Restore Enabled: false
 Product License: Community Engine

WARNING: No blkio throttle.read_bps_device support
WARNING: No blkio throttle.write_bps_device support
WARNING: No blkio throttle.read_iops_device support
WARNING: No blkio throttle.write_iops_device support
```
Docker Compose config
No response
Logs
```text
Setting timezone to Europe/Berlin...
ln: failed to create symbolic link '/etc/localtime': Permission denied
/entrypoint.sh: line 52: /etc/timezone: Permission denied
Downloading ejtserver 1.16.2 from https://licenseserver.ej-technologies.com/ejtserver_unix_1_16_2.tar.gz...
Installing ejtserver 1.16.2...
Initializing license server...
Checking licenses...
Inserting licenses...
Configuring license server...
Setting log level of license server to INFO...
Fixing perms...
error: failed switching to "ejt:ejt": operation not permitted
```
Additional info
No response
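
The three failures in the log above (the `/etc/localtime` symlink, the `/etc/timezone` write and the switch to `ejt:ejt`) are all steps that only root can perform. The sketch below is an example added to this page, not the image's actual `/entrypoint.sh` and not code from the project; it shows one way an entrypoint can run those steps only when started as root. `DATA_DIR`, `RUN_ENTRYPOINT` and the presence of `su-exec` in the image are assumptions.

```shell
#!/bin/sh
# Hypothetical entrypoint fragment; NOT the image's real /entrypoint.sh.
# Assumed names: DATA_DIR, RUN_ENTRYPOINT, and su-exec being installed.

# set_timezone TZ [ROOT]: write the timezone files only when ROOT/etc exists
# and is writable; otherwise rely on the TZ environment variable alone.
# Prints "files" or "env" so the caller can log which path was taken.
set_timezone() {
  tz="$1"; root="${2:-}"
  if [ -d "$root/etc" ] && [ -w "$root/etc" ]; then
    ln -snf "/usr/share/zoneinfo/$tz" "$root/etc/localtime"
    printf '%s\n' "$tz" > "$root/etc/timezone"
    echo files
  else
    echo env
  fi
}

# privilege_mode UID: "drop" when started as root (chown and a user switch
# are possible), "direct" when already unprivileged (runAsNonRoot).
privilege_mode() {
  if [ "$1" -eq 0 ]; then echo drop; else echo direct; fi
}

main() {
  echo "Timezone via: $(set_timezone "${TZ:-UTC}")"
  if [ "$(privilege_mode "$(id -u)")" = drop ]; then
    echo "Fixing perms..."
    chown -R ejt:ejt "${DATA_DIR:-/data}"
    exec su-exec ejt:ejt "$@"
  fi
  # Already non-root: the data volume must be writable for this uid (for
  # example through the pod's fsGroup); nothing to chown, no user to switch.
  exec "$@"
}

# Constructed switch so the file can be sourced without starting anything.
if [ "${RUN_ENTRYPOINT:-0}" = 1 ]; then main "$@"; fi
```
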