On 22.11.2017 12:09, Paolo Patierno wrote:
In my experience, as far as I know, it's not true for Kubernetes but only for OpenShift.
Yes, Kubernetes just runs the container "as-is".
As you said, OpenShift injects a temporary "non root" user for running the container and accessing the file system.
It doesn't happen on Kubernetes so the container runs with root user if the "hono" user is removed.
In this case I would stick with the "hono" user.
Yes, the container would run as root in this case, unless you add corresponding params to the deployment spec for running it as another user. My point is not that I think running as root is the best thing to do but instead my point is that I would like to not interfere with the container orchestrator's means to handle this. So, if you are concerned about running the Hono container on Kubernetes as root, simply change it to another user by means of specifying a SecurityContext for the pod.
Have you already tried this change on Kubernetes?
Yes, runs without a problem on minikube.
Thanks
Paolo Patierno
Senior Software Engineer (IoT) @ Red Hat
Microsoft MVP on Azure & IoT
Microsoft Azure Advisor
_______________________________________________
hono-dev mailing list
hono-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/hono-dev
--
Mit freundlichen Grüßen / Best regards
Kai Hudalla
Chief Software Architect
Bosch Software Innovations GmbH
Ullsteinstraße 128
12109 Berlin
GERMANY
www.bosch-si.com
Registered Office: Berlin, Registration Court: Amtsgericht Charlottenburg; HRB 148411 B
Chairman of the Supervisory Board: Dr.-Ing. Thorsten Lücke; Managing Directors: Dr.-Ing. Rainer Kallenbach, Michael Hahn
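
The pod-level SecurityContext mentioned in the reply above, as an added example that is not part of the original thread or of Hono's own deployment files. The deployment name, image reference and UID/GID values are placeholders chosen for illustration.

```yaml
# Added example: names, image and UID/GID are placeholders, not Hono's own values.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hono-service-example            # placeholder name
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hono-service-example
  template:
    metadata:
      labels:
        app: hono-service-example
    spec:
      # Pod-level settings apply to every container in the pod.
      securityContext:
        # The kubelet refuses to start a container that would run as UID 0,
        # so an image without a USER directive fails instead of running as root.
        runAsNonRoot: true
        # Overrides whatever user the image declares (or root if it declares none).
        runAsUser: 1000                 # assumed UID
        # Mounted volumes are made accessible to this supplemental group,
        # so the non-root process can still write to them.
        fsGroup: 1000                   # assumed GID
      containers:
        - name: service
          image: registry.example/hono-service:TAG   # placeholder image reference
          securityContext:
            # Blocks setuid binaries from regaining privileges inside the container.
            allowPrivilegeEscalation: false
```

On OpenShift the restricted SCC assigns the UID itself, so a fixed `runAsUser` outside the project's allowed range is rejected at admission; there the field is normally left unset.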