Thomas Decaux created ZEPPELIN-5747:
---------------------------------------
Summary: Docker image is missing a zeppelin user
Key: ZEPPELIN-5747
URL: https://issues.apache.org/jira/browse/ZEPPELIN-5747
Project: Zeppelin
Issue Type: Improvement
Components: docker
Affects Versions: 0.10.1
Reporter: Thomas Decaux
h3. Problem
The Docker image doesn't define any user.
Running as "non-root" is a best practice for running containers, especially on Kubernetes
with securityContext, such as:
{code:java}
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  fsGroup: 1000
{code}
Zeppelin will run fine, but Spark will not:
{code:java}
org.apache.hadoop.security.KerberosAuthException: failure to login: javax.security.auth.login.LoginException: java.lang.NullPointerException: invalid null input: name
	at com.sun.security.auth.UnixPrincipal.<init>(UnixPrincipal.java:71)
{code}
h3. Solution
The Dockerfile should create a "zeppelin" user, with home = "/opt/zeppelin",
uid = 1000
h3. Workaround
On Kubernetes, it's possible to share a volume mounted as /etc/passwd and use
an initContainer to add the user.
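
The workaround above, sketched as an added example (not code from the issue or from the Zeppelin project): a POSIX shell script an initContainer could run to copy the image's /etc/passwd to a shared volume and append an entry for the runtime UID if it has none. The function names, the `/sbin/nologin` shell and mounting the resulting file over /etc/passwd in the Zeppelin container are assumptions.

```shell
#!/bin/sh
# Added example, not from the issue: script an initContainer could run to
# build the passwd file for the workaround. Function names and the
# /sbin/nologin shell are assumptions.

# has_uid FILE UID: succeeds if FILE has an entry whose third field is UID.
has_uid() {
    awk -F: -v uid="$2" '$3 == uid { found = 1 } END { exit !found }' "$1"
}

# ensure_passwd_entry SRC DST NAME UID GID HOME
# Copies SRC (the image's /etc/passwd) to DST on the shared volume, then
# appends an entry for UID only if none exists, so reruns are idempotent.
ensure_passwd_entry() {
    src=$1 dst=$2 name=$3 uid=$4 gid=$5 home=$6
    nl='
'
    # Reject values that would inject extra fields or extra lines.
    [ -n "$name" ] || { echo "empty user name" >&2; return 2; }
    case "$name$home" in
        *:*|*"$nl"*) echo "invalid name or home" >&2; return 2 ;;
    esac
    for n in "$uid" "$gid"; do
        case "$n" in
            ''|*[!0-9]*) echo "uid and gid must be numeric" >&2; return 2 ;;
        esac
    done

    [ -f "$dst" ] || cp "$src" "$dst" || return 1
    if ! has_uid "$dst" "$uid"; then
        printf '%s:x:%s:%s:%s:%s:/sbin/nologin\n' \
            "$name" "$uid" "$gid" "$name" "$home" >> "$dst"
    fi
    chmod 0644 "$dst"
}

# Run as a script: ensure-passwd.sh SRC DST NAME UID GID HOME
if [ "$#" -eq 6 ]; then
    ensure_passwd_entry "$@"
fi
```
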