
I want to deploy an application using Kubernetes. One of the components will be a GridDB database; I used the following article to deploy it: https://griddb.net/en/blog/creating-a-kubernetes-application-using-griddb-and-go/. The deployment manifest is shown below. One thing that I want to change is the securityContext: I'd like to avoid running as the root user. However, the documentation says "we need to run as root user to have the sufficient permissions to save the changes to the config file". Any advice on how I should proceed?

apiVersion: apps/v1
kind: Deployment
metadata:
  name: griddb-server-deployment
spec:
  replicas: 3 
  selector:
    matchLabels:
      app: griddb-server
  template:
    metadata:
      labels:
        app: griddb-server
    spec:
      volumes:
        - name: griddb-pv-storage
          persistentVolumeClaim:
            claimName: griddb-server-pvc
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              app: griddb-server
      containers:
        - name: griddbcontainer
          image: localhost:5000/griddb-server:01
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 10001
          volumeMounts:
            - mountPath: "/var/lib/gridstore/data"
              name: griddb-pv-storage
          securityContext:
            runAsUser: 0
            runAsGroup: 0
          env:
          - name: NOTIFICATION_MEMBER
            value: '1'
          - name: GRIDDB_CLUSTER_NAME
            value: "myCluster"

Jacob_P

1 Answer


The root user needs to save changes to the files in the folder /var/lib/gridstore/conf/ (for example, in https://griddb.net/en/blog/griddb-using-fixed-list-or-multicast-clustering/ they say that changes to the files repository.json and gs_cluster.json in that folder are required). I would recommend creating a non-root user and giving it full permissions to that folder.

You can do it by

  • creating a new Dockerfile based on the griddb-server image you use in your example,
  • running useradd to add a new user and
  • running chmod to change the folder ownership.
Rohit Gupta
MChen
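
The three steps in the answer above, written out as an added example (not code from the answer, the GridDB article, or the GridDB project). The user name griddb, the UID/GID 1500, and the presence of groupadd/useradd in the base image are assumptions; chown is used for the ownership change and chmod for the permission bits.

```dockerfile
# Derive a non-root image from the image referenced in the question's manifest.
FROM localhost:5000/griddb-server:01

# Assumed values (not from the GridDB documentation): numeric IDs for the new account.
ARG GRIDDB_UID=1500
ARG GRIDDB_GID=1500

# The build steps below need root, whatever default user the base image sets.
USER root

# Create a dedicated group and user without a home directory or login shell.
# Assumes the base image ships groupadd/useradd (shadow-utils / passwd package).
RUN groupadd --gid "${GRIDDB_GID}" griddb \
 && useradd --uid "${GRIDDB_UID}" --gid "${GRIDDB_GID}" \
            --no-create-home --shell /usr/sbin/nologin griddb

# Hand the config folder named in the answer to that account.
# Owner gets read/write (plus traverse on directories); other users get no access.
RUN chown -R griddb:griddb /var/lib/gridstore/conf \
 && chmod -R u+rwX,o-rwx /var/lib/gridstore/conf

# Only the conf folder is covered here, as in the answer. If the container's start
# script writes to other paths, they need the same chown treatment.

# Use the numeric form so Kubernetes can check the user is non-zero
# when runAsNonRoot: true is set in the pod's securityContext.
USER ${GRIDDB_UID}:${GRIDDB_GID}
```

With an image built this way, `runAsUser` and `runAsGroup` in the manifest can be set to 1500 instead of 0. A pod-level `fsGroup: 1500` lets the same user write to the mounted `/var/lib/gridstore/data` volume on volume types that support ownership management.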