Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not starting as pod in kubernetes #279

Open
marvkis opened this issue Jun 23, 2024 · 2 comments
Open

Not starting as pod in kubernetes #279

marvkis opened this issue Jun 23, 2024 · 2 comments

Comments

@marvkis
Copy link

marvkis commented Jun 23, 2024

Hi,

I try to start the browzer-bootstrapper as a pod in a kubernetes infrastructure.

It fails with this message on the console:

{"timestamp": "2024-06-23T06:46:54.187Z", "level": "info", "message":  "ZITI_BROWZER_BOOTSTRAPPER_LOG_PATH is null"}
/home/node/ziti-browzer-bootstrapper/index.js:921
    logger.error( e );
           ^

TypeError: Cannot read properties of undefined (reading 'error')
    at process.<anonymous> (/home/node/ziti-browzer-bootstrapper/index.js:921:12)
    at process.emit (node:events:513:28)
    at process._fatalException (node:internal/process/execution:149:25)

I have oriented myself for the deployment in kubernetes on dovholuknf docker compose and set the user in the security context:

  securityContext:
    fsGroup: 2171
    runAsGroup: 2171
    runAsUser: 1000

Initial investigation

Currently I assume it fails to initialize the logger - I think it fails to create the log folder here. It seems the permissions of the ziti-browzer-bootstrapper folder are wrong:

node@ziti-browzer-browzer-bootstrapper-65567b58f-tvmkc:~/ziti-browzer-bootstrapper$ ls -la
total 252
drwxr-xr-x 1 root root    142 Jun 14 23:59 .
drwxr-xr-x 1 node node     50 Jun 14 23:59 ..
drwxr-xr-x 1 node node    160 Jun 14 23:48 assets
-rw-r--r-- 1 node node  33548 Jun 14 23:48 index.js
drwxr-xr-x 1 node node    156 Jun 14 23:48 lib
drwxr-xr-x 1 node node  12804 Jun 14 23:58 node_modules
-rw-r--r-- 1 node node   2435 Jun 14 23:48 package.json
-rw-r--r-- 1 node node 211312 Jun 14 23:48 yarn.lock
-rwxr-xr-x 1 node node    352 Jun 14 23:48 zha-docker-entrypoint

. belongs to root/root and not node/node - so it can't create the log folder. I'm not sure if this folder is being used at all, as I have not been able to find any other references to logDir other than the creation of the folder.

Bye,
Chris
@qrkourier
Copy link
Member

🪡 openziti/helm-charts#229

@qrkourier
Copy link
Member

I'm unsure if this is still a problem because browZer has been under active development. It will be important to reproduce with the latest version if it's still a problem.

The bootstrapper runs as UID: 1000 by default, which has symbolic name "node" inside the container image. You can in theory run-as any UID, but you must set file owner or mode or both if you deviate from running as the default UID.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@qrkourier @marvkis