Hi Michael, Thanks for the detailed explanation.
On Thu, May 26, 2022 at 11:08 PM Michael Marshall <mmarsh...@apache.org> wrote: > Hi Neng Lu, > > I put together a doc [0] that includes some tips for troubleshooting a > non-root docker image. Some of the details depend on how you're > deploying Pulsar. > > If you can ssh to the host as the root user, you can run `docker exec > --user 0 ...` to get a shell in the container as the root user. > > When running on Kubernetes, you might be able to utilize [1] to gain > root access to the host node for the pod, and then you can exec into > the container as the root user, as described in the doc [0]. Or, if > you don't have any pod security policies, you can set the pod's > securityContext so that the container runs as the root user. > > The final option is to build a custom image with additional tooling. > > If you find other helpful resources, feel free to update that doc or > send a note here, and I'll update the doc. > > - Michael > > [0] > https://github.com/apache/pulsar/blob/master/docker/README.md#troubleshooting-non-root-containers > [1] https://github.com/kvaps/kubectl-node-shell > > On Thu, May 26, 2022 at 5:24 PM Neng Lu <freen...@gmail.com> wrote: > > > > Hi All, > > > > I'm curious to learn once the image is run as non-root, how can we debug > or > > investigate production issues inside a running cluster? > > > > On Thu, May 19, 2022 at 12:14 PM Michael Marshall <mmarsh...@apache.org> > > wrote: > > > > > Hello Pulsar Community, > > > > > > With the 2.10.0 release, our Pulsar Docker images default to run as a > > > non-root user. In order to use the 2.10.0 Docker image with the Apache > > > Pulsar Helm Chart, we need to merge this PR [0]. If you're able, > > > please review it. Once merged, I propose that we follow up with a > > > release so that users wanting to upgrade to 2.10.0 have an upgrade > > > path. > > > > > > Thanks, > > > Michael > > > > > > [0] https://github.com/apache/pulsar-helm-chart/pull/266 > > > > > > > > > -- > > Best Regards, > > Neng > -- Best Regards, Neng
