Elasticsearch container fails when running as non root.

[jkrnak]

When running the container as non root, ie with securityContext.runAsUser: 1000 the supervisord process was starting up as the passed in user.
This caused supervisord to fail because the /usr/share/supervisor directory was owned by root.

[weicongs-amazon]

close the issue. feel free to reopen

[jkrnak]

Has this been fixed or why did you close?

[weicongs-amazon]

@jkrnak we shared some comments in the PR #31
We think it's not a good way to grant permissions to all of the users. pls share your idea here.

[jkrnak]

@weicongs-amazon sorry, I didn't reply there. I saw the comment and I accept that.
But currently the es image can't run without root privileges (at least if opendistro_performance_analyzer is enabled), which makes it difficult to run on shared (multi tenant) clusters.

Do you think we could run supervisord with the same UID as the container is running?

[weicongs-amazon]

Thanks @jkrnak. Agree with you. This is valid point. We should use the same UID. And there should be an alternative way to start the performance analyzer to avoid the supervisord. Let me sync up with the team firstly. will post updates here.

[peterzhuamazon]

We have identify the issue and have a solution proposed.
We are working on it and hopefully will give you an update soon.
Thank you again for your inputs.

[jkrnak]

Thank you for the update and the work!

[peterzhuamazon]

Status Update: this issue still remains open for the upcoming 1.9.0 release.
We plan to push the changes after this release as it requires testings from specific plugin.

[peterzhuamazon]

Status Update: This issue is now fixed on both the plugins and the build sides.
Will use this new config in the next releases. This issue will be closed as of now.
Thanks @jkrnak for reporting this and sorry for the delay to get it eventually fixed in ODFE.

[jkrnak]

Thank you for fixing it!