Run RabbitMQ without user 100/101? #529

Closed
rwmajor2 opened this issue Oct 28, 2021 · 3 comments
Labels
question Usability question, not directly related to an error with the image

Comments

@rwmajor2

Is it possible to run the RabbitMQ container using a user other than 100/101? In secure Kubernetes environments, this user id may not be allowed to run. Thanks for any suggestions (aside from building my own Docker Image from source).

@wglambert wglambert added the question Usability question, not directly related to an error with the image label Oct 28, 2021
@wglambert

Yeah, in Docker it'd be using the `--user` option; for Kubernetes you'd add the usual `securityContext` for `runAsUser`:

```yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: rabbitmq
  name: rabbitmq
spec:
  securityContext:
    runAsUser: 1337
    runAsGroup: 1337
  containers:
  - image: rabbitmq:management
    name: rabbitmq
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
```
```console
$ kubectl create -f rabbitmq.yaml
pod/rabbitmq created

$ kubectl exec -it rabbitmq -- bash
groups: cannot find name for group ID 1337
I have no name!@rabbitmq:/$ ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
1337         1  0.0  0.0   2612  1672 ?        Ss   20:22   0:00 /bin/sh /opt/rabbitmq/sbin/rabbitmq-server
1337        16  9.7  6.4 1790344 131868 ?      Sl   20:22   0:05 /usr/local/lib/erlang/erts-12.1.3/bin/beam.smp -W w -MBas ageffcbf -MHas ageffcbf -MBlm
1337        23  0.0  0.0   2508   580 ?        Ss   20:22   0:00 erl_child_setup 1048576
1337        47  0.0  0.0   3888    92 ?        S    20:22   0:00 /usr/local/lib/erlang/erts-12.1.3/bin/epmd -daemon
1337        68  0.0  0.0   3888   836 ?        Ss   20:22   0:00 inet_gethost 4
1337        69  0.0  0.0   3968  1704 ?        S    20:22   0:00 inet_gethost 4
1337        86  0.0  0.1   5996  3884 pts/0    Ss   20:22   0:00 bash
1337       103  0.0  0.1   7652  3280 pts/0    R+   20:23   0:00 ps aux
```
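
An added example, not part of the original thread or the image's tooling: a small audit that resolves the effective `runAsUser`/`runAsGroup` per container from pod JSON (the shape `kubectl get pod -o json` returns), since a container-level `securityContext` overrides the pod-level one used in the manifest above. The sample pod, the `sidecar` container and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get pod -o json` output. The first
# container inherits the pod-level IDs from the manifest in this thread; the
# second (hypothetical sidecar) overrides runAsUser at container level.
SAMPLE_POD = json.loads("""
{
  "metadata": {"name": "rabbitmq"},
  "spec": {
    "securityContext": {"runAsUser": 1337, "runAsGroup": 1337},
    "containers": [
      {"name": "rabbitmq", "image": "rabbitmq:management"},
      {"name": "sidecar", "image": "example/sidecar",
       "securityContext": {"runAsUser": 0}}
    ]
  }
}
""")


def effective_ids(pod):
    """Return {container: (uid, gid)}; None means the image default applies."""
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext") or {}
    containers = (spec.get("initContainers") or []) + (spec.get("containers") or [])
    result = {}
    for c in containers:
        c_sc = c.get("securityContext") or {}
        # Container-level values take precedence over pod-level ones.
        uid = c_sc.get("runAsUser", pod_sc.get("runAsUser"))
        gid = c_sc.get("runAsGroup", pod_sc.get("runAsGroup"))
        result[c["name"]] = (uid, gid)
    return result


def audit(pod):
    """List containers whose effective UID is root or left to the image."""
    findings = []
    for name, (uid, _gid) in effective_ids(pod).items():
        if uid is None:
            findings.append((name, "runAsUser unset: image default user applies"))
        elif uid == 0:
            findings.append((name, "runs as root (UID 0)"))
    return findings


if __name__ == "__main__":
    for name, reason in audit(SAMPLE_POD):
        print("FINDING", name, reason)
```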

@rwmajor2
Author

@wglambert So, all of the permissions are "ready to go" to be run as a different user and group in Kubernetes?

@yosifkit
Member

yosifkit commented Oct 28, 2021

Yep, we strive to ensure that it can be run as an arbitrary user: #125, #380 (comment), and #396 (comment).
