当 运行 作为非 root 时找不到 Aerospike 用户
Aerospike user not found when running as nonroot
我正在使用社区版 aerospike docker 图片。
我们的 k8s 集群不允许 运行ning 容器作为 root。因此我开始关注 this doc for 运行ning as non root.
但是当运行图像低于错误
link eth0 state up
link eth0 state up in 0
Dec 02 2021 10:15:12 GMT: CRITICAL (config): (cfg.c:2168) line 6 :: user not found: 8888
Dec 02 2021 10:15:12 GMT: WARNING (as): (signal.c:166) SIGINT received, shutting down Aerospike Community Edition build 5.6.0.7 os debian10
Dec 02 2021 10:15:12 GMT: WARNING (as): (signal.c:169) startup was not complete, exiting immediately
我的 aerospike conf 中有以下配置
service {
user 8888
group 8888
paxos-single-replica-limit 1 # Number of nodes where the replica count is automatically reduced to 1.
pidfile /var/run/aerospike/asd.pid
# service-threads 6 # cpu x 5 in 4.7
# transaction-queues 6 # obsolete in 4.7
# transaction-threads-per-queue 4 # obsolete in 4.7
proto-fd-max 15000
}
下面是我的 k8s 配置
apiVersion: apps/v1
kind: Deployment
metadata:
name: aerospike
labels:
app: aerospike
spec:
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 0%
maxUnavailable: 100%
selector:
matchLabels:
app: aerospike
template:
metadata:
labels:
app: aerospike
spec:
terminationGracePeriodSeconds: 30
volumes:
- name: config-volume
configMap:
name: aerospikeconfig
containers:
- name: aerospike-container
image: aerospikeimage
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /etc/aerospike/
name: config-volume
env:
- name: NAMESPACE
value: "bar"
securityContext:
runAsUser: 8888
runAsGroup: 8888
runAsNonRoot: true
resources:
requests:
memory: 1Gi
cpu: 1
limits:
memory: 1Gi
cpu: 1
我认为这与 Kubernetes 无关,而只是 aerospike
您正在使用 uid/gid
user 8888
group 8888
你可以尝试使用 username/groupname
service {
user aerospike
group aerospike
paxos-single-replica-limit 1 # Number of nodes where the replica count is automatically reduced to 1.
pidfile /var/run/aerospike/asd.pid
# service-threads 6 # cpu x 5 in 4.7
# transaction-queues 6 # obsolete in 4.7
# transaction-threads-per-queue 4 # obsolete in 4.7
proto-fd-max 15000
}
我正在使用社区版 aerospike docker 图片。 我们的 k8s 集群不允许 运行ning 容器作为 root。因此我开始关注 this doc for 运行ning as non root.
但是当运行图像低于错误
link eth0 state up
link eth0 state up in 0
Dec 02 2021 10:15:12 GMT: CRITICAL (config): (cfg.c:2168) line 6 :: user not found: 8888
Dec 02 2021 10:15:12 GMT: WARNING (as): (signal.c:166) SIGINT received, shutting down Aerospike Community Edition build 5.6.0.7 os debian10
Dec 02 2021 10:15:12 GMT: WARNING (as): (signal.c:169) startup was not complete, exiting immediately
我的 aerospike conf 中有以下配置
service {
user 8888
group 8888
paxos-single-replica-limit 1 # Number of nodes where the replica count is automatically reduced to 1.
pidfile /var/run/aerospike/asd.pid
# service-threads 6 # cpu x 5 in 4.7
# transaction-queues 6 # obsolete in 4.7
# transaction-threads-per-queue 4 # obsolete in 4.7
proto-fd-max 15000
}
下面是我的 k8s 配置
apiVersion: apps/v1
kind: Deployment
metadata:
name: aerospike
labels:
app: aerospike
spec:
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 0%
maxUnavailable: 100%
selector:
matchLabels:
app: aerospike
template:
metadata:
labels:
app: aerospike
spec:
terminationGracePeriodSeconds: 30
volumes:
- name: config-volume
configMap:
name: aerospikeconfig
containers:
- name: aerospike-container
image: aerospikeimage
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /etc/aerospike/
name: config-volume
env:
- name: NAMESPACE
value: "bar"
securityContext:
runAsUser: 8888
runAsGroup: 8888
runAsNonRoot: true
resources:
requests:
memory: 1Gi
cpu: 1
limits:
memory: 1Gi
cpu: 1
我认为这与 Kubernetes 无关,而只是 aerospike 您正在使用 uid/gid
user 8888
group 8888
你可以尝试使用 username/groupname
service {
user aerospike
group aerospike
paxos-single-replica-limit 1 # Number of nodes where the replica count is automatically reduced to 1.
pidfile /var/run/aerospike/asd.pid
# service-threads 6 # cpu x 5 in 4.7
# transaction-queues 6 # obsolete in 4.7
# transaction-threads-per-queue 4 # obsolete in 4.7
proto-fd-max 15000
}