Running provectuslabs/kafka-ui docker image on AWS ECS with readonlyRootFilesystem=true

Open bitdean opened this issue 1 year ago • 1 comments

Issue submitter TODO list

  • [X] I've searched for already existing issues here
  • [X] I'm running a supported version of the application which is listed here and the feature is not present there

Is your proposal related to a problem?

No response

Describe the feature you're interested in

  • Security best practice is that the Docker image itself should not be modified at runtime; with the AWS ECS configuration readonlyRootFilesystem = true, this can be achieved at the infrastructure level.
  • kafka-ui itself works with a read-only root filesystem: the interface starts, but it fails to load messages from a topic.
  • The issue is related to the snappy compression lib used in kafka-ui: the snappy library extracts its own .so file, which fails on a read-only system.
  • Suggestion: since you are using Alpine as the base Docker image, the following trick fixes the problems when running on a read-only system:
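    FROM provectuslabs/kafka-ui:v0.7.1
    # Installing the system package requires root
    USER root
    RUN apk add java-snappy
    # Switch back to the kafkaui user
    USER kafkaui
    # Load the snappy native library from /usr/lib/ instead of extracting it at runtime
    CMD ["/bin/sh", "-c", "java --add-opens java.rmi/javax.rmi.ssl=ALL-UNNAMED -Dorg.xerial.snappy.lib.path=/usr/lib/ $JAVA_OPTS -jar kafka-ui-api.jar"]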

Describe alternatives you've considered

  • Maybe find some other way to pre-populate the snappy native binary into the Docker image, or configure the snappy library not to extract the native library.

Version you're running

v0.7.1

Additional context

No response

bitdean avatar Nov 08 '23 12:11 bitdean
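
An added example, not part of the original issue or the kafka-ui project: a small audit of an ECS task definition that reports which containers have readonlyRootFilesystem enabled, as described in the issue above, and which container paths stay writable. The task definition, image names and volume name are constructed placeholders; the field names are those of the ECS task definition JSON.

```python
import json

# Constructed ECS task definition (not from the issue): one container with a
# read-only root plus a writable /tmp volume, one left at the ECS default.
SAMPLE_TASK_DEF = json.loads("""
{"family": "kafka-ui-example",
 "containerDefinitions": [
   {"name": "kafka-ui",
    "image": "registry.example/kafka-ui-snappy:placeholder",
    "readonlyRootFilesystem": true,
    "mountPoints": [
      {"sourceVolume": "scratch", "containerPath": "/tmp", "readOnly": false}]},
   {"name": "sidecar", "image": "registry.example/sidecar:placeholder"}]}
""")


def audit_task_definition(task_def):
    """Map container name -> read-only-root flag and writable container paths."""
    report = {}
    for c in task_def.get("containerDefinitions", []):
        # ECS treats a missing readonlyRootFilesystem as false (writable root).
        readonly = c.get("readonlyRootFilesystem", False) is True
        # Volume mounts not marked readOnly remain writable.
        writable = [m["containerPath"] for m in c.get("mountPoints", [])
                    if not m.get("readOnly", False)]
        # tmpfs mounts under linuxParameters are writable scratch space too.
        tmpfs = (c.get("linuxParameters") or {}).get("tmpfs", [])
        writable += [t["containerPath"] for t in tmpfs]
        report[c["name"]] = {"readonly_root": readonly,
                             "writable_paths": sorted(writable)}
    return report


def noncompliant(task_def):
    """Names of containers whose root filesystem is still writable."""
    return [name for name, r in audit_task_definition(task_def).items()
            if not r["readonly_root"]]


if __name__ == "__main__":
    for name, result in audit_task_definition(SAMPLE_TASK_DEF).items():
        print(name, result)
    print("writable root filesystem:", noncompliant(SAMPLE_TASK_DEF))
```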

Hello there bitdean! 👋

Thank you and congratulations 🎉 for opening your very first issue in this project! 💖

In case you want to claim this issue, please comment down below! We will try to get back to you as soon as we can. 👀

github-actions[bot] avatar Nov 08 '23 12:11 github-actions[bot]