lkindere opened a new issue, #1071:
URL: https://github.com/apache/polaris/issues/1071
### Describe the bug
Hello,
When deploying with a containerSecurityContext and runAsUser, the Polaris pod fails to start with the following error:
```
Starting the Java application using /opt/jboss/container/java/run/run-java.sh ...
/usr/local/s2i/run: line 21: /opt/jboss/container/java/run/run-java.sh: Permission denied
/usr/local/s2i/run: line 21: exec: /opt/jboss/container/java/run/run-java.sh: cannot execute: Permission denied
```
I've been following these steps:
1. ```
   ./gradlew clean :polaris-quarkus-server:assemble :polaris-quarkus-admin:assemble \
     -Dquarkus.container-image.build=true \
     -PeclipseLinkDeps=org.postgresql:postgresql:42.7.4 \
     --no-build-cache
   ```
2. Helm deploy with the built image using the following values.yaml:
   ```yaml
   storage:
     secret:
       name: polaris-storage
       awsAccessKeyId: access-key
       awsSecretAccessKey: secret-key
   serviceAccount:
     create: false
   image:
     repository: <private_repo>/polaris
     pullPolicy: IfNotPresent
     tag: "1.0.0-incubating-SNAPSHOT"
   securityContext:
     seccompProfile:
       type: RuntimeDefault
   imagePullSecrets:
     - <api-token>
   containerSecurityContext:
     allowPrivilegeEscalation: false
     runAsNonRoot: true
     runAsUser: 1000
     capabilities:
       drop: [ "ALL" ]
     seccompProfile:
       type: RuntimeDefault
   resources:
     limits:
       cpu: 100m
       memory: 128Mi
     requests:
       cpu: 100m
       memory: 128Mi
   ```
### To Reproduce
1. ```
   ./gradlew clean :polaris-quarkus-server:assemble :polaris-quarkus-admin:assemble \
     -Dquarkus.container-image.build=true \
     -PeclipseLinkDeps=org.postgresql:postgresql:42.7.4 \
     --no-build-cache
   ```
2. Helm deploy with the built image using the following values.yaml:
   ```yaml
   storage:
     secret:
       name: polaris-storage
       awsAccessKeyId: access-key
       awsSecretAccessKey: secret-key
   serviceAccount:
     create: false
   image:
     repository: schwarzit-xx-sit-uapc-wawi-docker-local.jfrog.io/polaris
     pullPolicy: IfNotPresent
     tag: "1.0.0-incubating-SNAPSHOT"
   imagePullSecrets:
     - wawi-jfrog-api-token
   containerSecurityContext:
     allowPrivilegeEscalation: false
     runAsNonRoot: true
     runAsUser: 1000
     capabilities:
       drop: [ "ALL" ]
     seccompProfile:
       type: RuntimeDefault
   resources:
     limits:
       cpu: 100m
       memory: 128Mi
     requests:
       cpu: 100m
       memory: 128Mi
   ```
### Actual Behavior
Polaris pod fails to start with error
```
Starting the Java application using /opt/jboss/container/java/run/run-java.sh ...
/usr/local/s2i/run: line 21: /opt/jboss/container/java/run/run-java.sh: Permission denied
/usr/local/s2i/run: line 21: exec: /opt/jboss/container/java/run/run-java.sh: cannot execute: Permission denied
```
### Expected Behavior
Polaris pods started
### Additional context
I have additionally tried to set runAsUser: 10000 as that seems to be
referenced in the docker image for the server but that fails even before there
are any logs:
```
terminated
Reason:Reason: StartError - exit code: 128
Started at: 1970-01-01T01:00:00+01:00
Finished at: 2025-02-26T12:09:43+01:00
```
### System information
linux/amd64 image