-
Notifications
You must be signed in to change notification settings - Fork 412
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Run RabbitMQ without user 100/101? #529
Labels
question
Usability question, not directly related to an error with the image
Comments
wglambert
added
the
question
Usability question, not directly related to an error with the image
label
Oct 28, 2021
Yeah in Docker it'd be using the apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: rabbitmq
name: rabbitmq
spec:
securityContext:
runAsUser: 1337
runAsGroup: 1337
containers:
- image: rabbitmq:management
name: rabbitmq
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {} $ kubectl create -f rabbitmq.yaml
pod/rabbitmq created
$ kubectl exec -it rabbitmq -- bash
groups: cannot find name for group ID 1337
I have no name!@rabbitmq:/$ ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
1337 1 0.0 0.0 2612 1672 ? Ss 20:22 0:00 /bin/sh /opt/rabbitmq/sbin/rabbitmq-server
1337 16 9.7 6.4 1790344 131868 ? Sl 20:22 0:05 /usr/local/lib/erlang/erts-12.1.3/bin/beam.smp -W w -MBas ageffcbf -MHas ageffcbf -MBlm
1337 23 0.0 0.0 2508 580 ? Ss 20:22 0:00 erl_child_setup 1048576
1337 47 0.0 0.0 3888 92 ? S 20:22 0:00 /usr/local/lib/erlang/erts-12.1.3/bin/epmd -daemon
1337 68 0.0 0.0 3888 836 ? Ss 20:22 0:00 inet_gethost 4
1337 69 0.0 0.0 3968 1704 ? S 20:22 0:00 inet_gethost 4
1337 86 0.0 0.1 5996 3884 pts/0 Ss 20:22 0:00 bash
1337 103 0.0 0.1 7652 3280 pts/0 R+ 20:23 0:00 ps aux |
@wglambert So, all of the permissions are "ready to go" to be run as a different user and group in Kubernetes? |
Yep, we strive to ensure that it can be run as an arbitrary user: #125, #380 (comment), and #396 (comment). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is it possible to run the RabbitMQ container using a user other than 100/101? In secure Kubernetes environments, this user id may not be allowed to run. Thanks for any suggestions (aside from building my own Docker Image from source).
The text was updated successfully, but these errors were encountered: