-
Notifications
You must be signed in to change notification settings - Fork 44
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OKD kubernetes - non-root user #148
Comments
Hi @Rezorl |
Hi @randomorder Thanks for the answer! I am trying to run geoserver version geosolutionsit/geoserver:2.24.4 on OKD. I get an error: The user who runs the container: Why am I getting a permission denied error? What do I need to do to solve the problem? |
Basically this is a situation like this: |
Hi @Rezorl. If I understand correctly your UID is random. I'm not sure if it also changes every time the Pod is restarted. If fsGroup doesn't work for your case, you can |
It is somewhat static. Does not change with every pod restart. Just unknown
during buildtime.
pt., 12 lip 2024, 18:27 użytkownik Francesco Camuffo <
***@***.***> napisał:
… Hi @Rezorl <https://github.com/Rezorl>.
You get the error because the user can't write in the data directory.
If I understand correctly your UID is random. I'm not sure if it also
changes every time the Pod is restarted.
If the UID is somewhat "static" you might be able to leverage the fsGroup
<https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods>
setting.
If fsGroup doesn't work for your case, you can chown the data dir
contents using an initContainer, so before GeoServer starts.
—
Reply to this email directly, view it on GitHub
<#148 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AE7FDCPEW24FHTUQCDTQFA3ZL77WXAVCNFSM6AAAAABJTXVLECVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEMRVHEZDIOJVGI>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
Is it possible to build a geoserver image so that it works for a non-root user? I don't know the user's ID and group at the image building level, only when the container is launched. The image will run on OKD Kubernetes. There is a custom_build.sh file for building your own geoserver image. Is it possible to use this image for this problem?
The text was updated successfully, but these errors were encountered: