Hi Ivy Team, I'm trying to run Axon.ivy Engine on OpenShift; the first try with a Pod is working. Then I tried to use DeploymentConfig to automate the Pod creation, but it could not run because the running user didn't have permission on the Axon.ivy Engine directory. Here is the error detail:
I guess OpenShift runs Axon.ivy Engine as a different user than the one defined in the Docker image. I think fixing the permission of
Do you have any suggestions?

Update: After fixing the permission, I faced another issue; it's definitely related to OpenShift using a different user.
asked 18.06.2020 at 21:10 vinh_
We are creating a user and a group called
I'm not familiar with OpenShift, do you have any docs about users and groups in OpenShift?
answered 19.06.2020 at 01:42 Alex Suter ♦♦

I found the cause: OpenShift uses an Arbitrary User with an unpredictable UID, this user has group
I think the better fix could go in the Debian package and Dockerfile by setting the owner to
(19.06.2020 at 01:52)
vinh_
This is in my opinion definitively no option! This is a security risk. Especially for the Debian package. If you have any docs about what is common practice, we will apply this to the image, but I think you may not use OpenShift the right way?
(19.06.2020 at 01:58)
Alex Suter ♦♦
The default behavior of OpenShift is always creating an Arbitrary User ID to prevent container escape and privilege escalation.
(19.06.2020 at 02:03)
vinh_
Thank you for this link, in the doc is stated
This seems only to be necessary for OpenShift environment but not for docker and for Kubernetes environment. So we won't apply this to our image. You need to create your own image which is based on the official Axon.ivy Engine image. Then you can apply these changes to the directories.
(19.06.2020 at 02:09)
Alex Suter ♦♦
1
Thanks Alex, this is what I'm doing right now. I may build the image from scratch based on the official Axon.ivy Engine Dockerfile to reduce the image size (you know the files are duplicated only for changing permission).
(19.06.2020 at 02:11)
vinh_
Yes, this is anyway a good approach! So you can take as base image whatever you want to take!
(19.06.2020 at 02:40)
Alex Suter ♦♦
Asked: 18.06.2020 at 21:10
Seen: 2,876 times
Last updated: 19.06.2020 at 02:40