Uploaded image for project: 'Couchbase Kubernetes'
  1. Couchbase Kubernetes
  2. K8S-266

Don't require root permissions to run the Couchbase container on openshift

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • None
    • 1.0.0
    • openshift
    • None

    Description

      I think we should be able to create a container that doesn't require root to run.

      Attachments

        Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            simon.murray Simon Murray added a comment -

            Just a note, being able to 'docker exec' into a couchbase-server container and install packages as root (e.g. tcpdump and iputils) is quite a good thing.  I'd rather we not lose this debug functionality if at all possible.

            simon.murray Simon Murray added a comment - Just a note, being able to 'docker exec' into a couchbase-server container and install packages as root (e.g. tcpdump and iputils) is quite a good thing.  I'd rather we not lose this debug functionality if at all possible.

            Simon,

            This is specifically for openshift. I haven't looked into the details yet so I'm not sure exactly what we should do, but right now we need to add extra privileges (oc adm policy add-scc-to-user anyuid system:serviceaccount:myproject:default) for a user to run our containers. This isn't usually required by default and some users are uncomfortable needing to do this. We have separate openshift containers and I think using those would solve this issue, but I haven't had a chance to test it out yet.

            mikew Mike Wiederhold [X] (Inactive) added a comment - Simon, This is specifically for openshift. I haven't looked into the details yet so I'm not sure exactly what we should do, but right now we need to add extra privileges (oc adm policy add-scc-to-user anyuid system:serviceaccount:myproject:default) for a user to run our containers. This isn't usually required by default and some users are uncomfortable needing to do this. We have separate openshift containers and I think using those would solve this issue, but I haven't had a chance to test it out yet.

            People

              mikew Mike Wiederhold [X] (Inactive)
              mikew Mike Wiederhold [X] (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty