Description
First, I think it's awesome to stop running as root inside the pods.
But I can't seem to get the nonroot user to work in Minikube. Is it a general Minikube problem? Zookeeper complains about not being able to create things under the /var/lib/zookeeper mountpoint, and if I go in there (I had to edit the statefulset to run a sleep instead of the normal command) the folder has different permissions compared to a working setup in AWS:
nonroot@pzoo-0:/opt/kafka$ ls -ld /var/lib/zookeeper
drwxrwxrwx 4 root root 4096 May 15 09:02 /var/lib/zookeeper
nonroot@pzoo-0:/opt/kafka$ ls -ld /var/lib/zookeeper/data
drwxrwxr-x 2 root root 4096 May 15 09:02 /var/lib/zookeeper/data
And here is how it looks in the working setup in AWS:
nonroot@pzoo-0:/opt/kafka$ ls -ld /var/lib/zookeeper
drwxrwsr-x 5 root nogroup 4096 May 12 11:30 /var/lib/zookeeper
nonroot@pzoo-0:/opt/kafka$ ls -ld /var/lib/zookeeper/data
drwxrwsr-x 3 root nogroup 4096 May 12 11:30 /var/lib/zookeeper/data
As seen, in Minikube the nonroot:nogroup user can't write to the data folder. I assume this is because when the init container created the folder, AWS respected the fsGroup parameter for the volume while Minikube ignored it.
By adding chown -R 65532:65534 /var/lib/zookeeper to the zookeeper init file it works, but since it seems to be working in AWS, I guess this is just affecting Minikube, or just me? 😄
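The workaround above is an unconditional `chown -R` on every start. The following is an added example (not code from this issue or from the project's own init scripts) of an idempotent init-container helper that only fixes ownership when the volume does not already belong to the runtime user, and that sets the group-writable, setgid layout the working AWS volume shows (`drwxrwsr-x`). It assumes GNU coreutils (`stat -c`), that the init container runs as root, and uses the uid:gid 65532:65534 and the /var/lib/zookeeper path from the report above; the function names are the example's own.

```shell
#!/bin/sh
# Added example, not part of the project: make a data directory writable by the
# runtime uid:gid without re-chowning the whole tree on every pod start.
# Assumes GNU coreutils (stat -c) and that this runs as root in an init container.

ensure_writable() {
    dir="$1"; uid="$2"; gid="$3"
    mkdir -p "$dir" || return 1
    # numeric owner:group the directory has right now
    cur=$(stat -c '%u:%g' "$dir") || return 1
    if [ "$cur" != "$uid:$gid" ]; then
        # recurse only when ownership is actually wrong: first start, or a
        # volume whose provisioner ignored fsGroup, as observed on Minikube
        chown -R "$uid:$gid" "$dir" || return 1
    fi
    # group rwx plus setgid, so files created later inherit the group
    # (the drwxrwsr-x layout of the working AWS volume)
    chmod g+rwxs "$dir" || return 1
    return 0
}

# Report mode, owner, group and path in the form used for comparison in the issue.
describe_dir() {
    stat -c '%A %U %G %n' "$1"
}

# Usage inside the init container (as root), with the issue's values:
#   ensure_writable /var/lib/zookeeper 65532 65534 && describe_dir /var/lib/zookeeper
```

Running this before the main container starts keeps the main container itself non-root: the privileged step is confined to the init container, and it becomes a no-op once the volume is already owned correctly.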