michaeljmarshall opened a new issue #11269:
URL: https://github.com/apache/pulsar/issues/11269
**Is your feature request related to a problem? Please describe.**

Update the Pulsar docker images to run as a non root user by default.

**Describe the solution you'd like**

The right solution will meet the following requirements:

* Pulsar docker images run as a non root user by default.
* Pulsar docker images are able to run on OpenShift (a platform with
  stricter requirements than basic kubernetes)
  * Mainly, we'll need to make sure that the root group has sufficient
    permissions to write to all necessary directories/files.
  * Additionally, someone mentioned to me that they had trouble writing to
    a persistent file after restarting a Pulsar docker image on OpenShift. We
    should make sure the solution includes the ability to restart pulsar
    components successfully.
* The Pulsar helm chart includes an easy way for end users to upgrade
  without any breaking changes.
  * We will likely be able to make use of the kubernetes feature that will
    `chown` persistent volumes to the configured `fsGroup`. However, I'm
    uncertain how this works on OpenShift, so I will need to research this a
    bit more.
* The non root user and the root group only receive write permissions where
  necessary for each pulsar component to run.

Additionally, I think we should produce images that are minimal. Making
minimal containers means that we won't include debug tools in them. This will
make it harder to debug, but more importantly, it increases the security of the
container by removing possible attack vectors. Note that it is trivial for
developers to extend our docker images to add _any_ debug tool they would like
to use. This prevents us from having to curate and maintain a list of extra
tools in the docker image.

**Test criteria**

There are several important test cases to cover.

1. Make sure we're able to upgrade and downgrade pulsar components (mainly
   all of the ones utilizing persistent storage). Do this using the official
   Apache Pulsar helm chart.
2. Test the image on OpenShift. I plan to use a local OpenShift cluster on
   my Mac, but perhaps someone would be able to validate our docker images on a
   real cluster.
3. Be sure to include test cases for function workers. (They were one of the
   missed cases before that led https://github.com/apache/pulsar/pull/8796 to
   get reverted in https://github.com/apache/pulsar/pull/10861).
4. Test the `chown` feature for volumes in kubernetes. Make sure that
   managed kubernetes offerings from the major cloud providers actually support
   this `chown` feature. (I mention it because I'm not sure if this is an add-on
   or a native feature within the kubelet.)

Please let me know if you have any additional test cases you'd like to see
covered.

**Communication**

Communicate this change on the mailing list to ensure that the community has
time to test the new docker images before we begin the release process.

**Describe alternatives you've considered**

The main alternative here is whether or not the docker image should contain
debugging tools. Otherwise, I think the community has generally accepted this
feature, as is.

**Additional context**

I plan to contribute this fix later this month.

Relevant PRs and Issues: https://github.com/apache/pulsar/pull/10861,
https://github.com/apache/pulsar/issues/8751,
https://github.com/apache/pulsar/pull/8242,
https://github.com/apache/pulsar/pull/10861
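
An added example, not part of the original issue or the Pulsar project's code: a Python check for the two permission requirements listed above, that the root group can write to every directory a component needs and to nothing else. It assumes the OpenShift model of an arbitrary UID whose only group is GID 0; the `audit` helper and the directory names are hypothetical.

```python
import os
import stat
import tempfile


def group_can_write(st, gid):
    """True if a non-owner process whose only group is `gid` can create files in the dir."""
    mode = st.st_mode
    if st.st_gid == gid:  # group bits apply; "other" bits are not consulted
        return bool(mode & stat.S_IWGRP and mode & stat.S_IXGRP)
    return bool(mode & stat.S_IWOTH and mode & stat.S_IXOTH)


def audit(root, must_write, gid=0):
    """Return (missing, extra): required dirs the group cannot write, and
    group-writable dirs that are neither required nor below a required dir."""
    must_write = {os.path.normpath(p) for p in must_write}
    missing, extra, seen = [], [], set()
    for dirpath, _dirs, _files in os.walk(root):
        rel = os.path.normpath(os.path.relpath(dirpath, root))
        seen.add(rel)
        writable = group_can_write(os.stat(dirpath), gid)
        covered = any(rel == p or rel.startswith(p + os.sep) for p in must_write)
        if rel in must_write and not writable:
            missing.append(rel)
        elif writable and not covered:
            extra.append(rel)
    missing.extend(must_write - seen)  # required paths absent from the tree
    return sorted(missing), sorted(extra)


def build_sample_tree():
    """Constructed sample layout with hypothetical directory names; returns (root, gid)."""
    root = tempfile.mkdtemp()
    modes = {"data": 0o770, "logs": 0o750, "conf": 0o775, "bin": 0o755}
    for name, mode in modes.items():
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)
    # The sample tree belongs to the current user's group, so audit against that
    # group here; against an unpacked image rootfs, keep the default gid=0.
    return root, os.stat(root).st_gid


if __name__ == "__main__":
    root, gid = build_sample_tree()
    print(audit(root, ["data", "logs"], gid))
```

Run against an unpacked image root filesystem with the list of directories each component writes to; a non-empty `missing` list predicts a startup failure under an arbitrary UID, and a non-empty `extra` list marks write access that can be dropped.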