dockeraerospikeaerospike-loader

Aerospike user not found when running as nonroot


I am using community edition aerospike docker image. Our k8s cluster does not allow running containers as root. hence i started following this doc for running as non root.

But when run the image i am getting below error

link eth0 state up
link eth0 state up in 0
Dec 02 2021 10:15:12 GMT: CRITICAL (config): (cfg.c:2168) line 6 :: user not found: 8888
Dec 02 2021 10:15:12 GMT: WARNING (as): (signal.c:166) SIGINT received, shutting down Aerospike Community Edition build 5.6.0.7 os debian10
Dec 02 2021 10:15:12 GMT: WARNING (as): (signal.c:169) startup was not complete, exiting immediately

I am having below config in my aerospike conf

    service {
      user 8888
      group 8888
      paxos-single-replica-limit 1 # Number of nodes where the replica count is automatically reduced to 1.
      pidfile /var/run/aerospike/asd.pid
      # service-threads 6 # cpu x 5 in 4.7
      # transaction-queues 6 # obsolete in 4.7
      # transaction-threads-per-queue 4 # obsolete in 4.7
      proto-fd-max 15000
      }

and below is my k8s config

apiVersion: apps/v1
kind: Deployment
metadata:
  name: aerospike
  labels:
    app: aerospike
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 0%
      maxUnavailable: 100%
  selector:
    matchLabels:
      app: aerospike
  template:
    metadata:
      labels:
        app: aerospike
    spec:
      terminationGracePeriodSeconds: 30
      volumes:
        - name: config-volume
          configMap:
            name: aerospikeconfig
      containers:
        - name: aerospike-container
          image: aerospikeimage
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - mountPath: /etc/aerospike/
              name: config-volume
          env:
            - name: NAMESPACE
              value: "bar"
          securityContext:
            runAsUser: 8888
            runAsGroup: 8888
            runAsNonRoot: true
          resources:
            requests:
              memory: 1Gi
              cpu: 1
            limits:
              memory: 1Gi
              cpu: 1


Solution

  • I think this is not Kubernetes related but just aerospike You are using uid/gid

    user 8888
    group 8888
    

    Could you try using username/groupname

    service {
          user aerospike
          group aerospike
          paxos-single-replica-limit 1 # Number of nodes where the replica count is automatically reduced to 1.
          pidfile /var/run/aerospike/asd.pid
          # service-threads 6 # cpu x 5 in 4.7
          # transaction-queues 6 # obsolete in 4.7
          # transaction-threads-per-queue 4 # obsolete in 4.7
          proto-fd-max 15000
          }