Hi Robin, I think you're approaching this from the wrong direction.
Try setting an appropriate security context for your Kubernetes pod [1] and make sure to not bind the Dropwizard application to a privileged port (anything <1024), then you should be fine. The Dropwizard application will run within the configured security context of the pod and won't have root privileges. [1]: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod> Best regards, Jochen > Am 10.03.2020 um 07:42 schrieb Kuttaiah Robin <[email protected]>: > > Hello, > > I did created a dropwizzard microservice as per the documentation in the k8's > cluster. > > When I get into that k8's pod I see it runs as root user. Basically, I did, > whoami within that terminal. This is a security concern for our production. > > For this reason, I changed the as below; > > DefaultServerFactory defaultServerFactory = (DefaultServerFactory) > getServerFactory(); > defaultServerFactory.setStartsAsRoot(false); > > With this I get; > > ERROR [2020-03-10 06:29:59,267] io.dropwizard.cli.ServerCommand: Unable to > start server, shutting down > ! java.net.SocketException: Permission denied > ! at sun.nio.ch.Net.bind0(Native Method) > ! at sun.nio.ch.Net.bind(Net.java:433) > ! at sun.nio.ch.Net.bind(Net.java:425) > ! at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:220) > ! at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:85) > ! at > org.eclipse.jetty.server.ServerConnector.openAcceptChannel(ServerConnector.java:342) > ! at org.eclipse.jetty.server.ServerConnector.open(ServerConnector.java:307) > ! at > org.eclipse.jetty.setuid.SetUIDListener.lifeCycleStarting(SetUIDListener.java:200) > ! ... 15 common frames omitted > ! Causing: java.lang.RuntimeException: java.net.SocketException: Permission > denied > ! at > org.eclipse.jetty.setuid.SetUIDListener.lifeCycleStarting(SetUIDListener.java:213) > ! at > org.eclipse.jetty.util.component.AbstractLifeCycle.setStarting(AbstractLifeCycle.java:204) > ! at > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:71) > ! at io.dropwizard.cli.ServerCommand.run(ServerCommand.java:53) > ! at io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:45) > ! at io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:87) > ! at io.dropwizard.cli.Cli.run(Cli.java:79) > ! at io.dropwizard.Application.run(Application.java:94) > ! at > com.oracle.insight.dropwizzard.DWMicroservice$DWStartable.start(DWMicroservice.java:80) > ! at > java.util.concurrent.CompletableFuture.uniComposeStage(CompletableFuture.java:995) > ! at > java.util.concurrent.CompletableFuture.thenCompose(CompletableFuture.java:2137) > ! at > oracle.mtms.infra.services.bootstrap.lifecycle.LifecycleServiceImpl.startAdminServer(LifecycleServiceImpl.java:85) > > > > Any help? > > regards, > Robin Kuttaiah > > -- > You received this message because you are subscribed to the Google Groups > "dropwizard-user" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <mailto:[email protected]>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/dropwizard-user/2e5562f9-977f-4c34-8c2a-77c0316ba29e%40googlegroups.com > > <https://groups.google.com/d/msgid/dropwizard-user/2e5562f9-977f-4c34-8c2a-77c0316ba29e%40googlegroups.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "dropwizard-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/dropwizard-user/F91EF470-D4E7-473F-B9B3-94D85DFBF34A%40schalanda.name.
