Hi Neng Lu, I put together a doc [0] that includes some tips for troubleshooting a non-root docker image. Some of the details depend on how you're deploying Pulsar.
If you can ssh to the host as the root user, you can run `docker exec --user 0 ...` to get a shell in the container as the root user. When running on Kubernetes, you might be able to utilize [1] to gain root access to the host node for the pod, and then you can exec into the container as the root user, as described in the doc [0]. Or, if you don't have any pod security policies, you can set the pod's securityContext so that the container runs as the root user. The final option is to build a custom image with additional tooling. If you find other helpful resources, feel free to update that doc or send a note here, and I'll update the doc. - Michael [0] https://github.com/apache/pulsar/blob/master/docker/README.md#troubleshooting-non-root-containers [1] https://github.com/kvaps/kubectl-node-shell On Thu, May 26, 2022 at 5:24 PM Neng Lu <freen...@gmail.com> wrote: > > Hi All, > > I'm curious to learn once the image is run as non-root, how can we debug or > investigate production issues inside a running cluster? > > On Thu, May 19, 2022 at 12:14 PM Michael Marshall <mmarsh...@apache.org> > wrote: > > > Hello Pulsar Community, > > > > With the 2.10.0 release, our Pulsar Docker images default to run as a > > non-root user. In order to use the 2.10.0 Docker image with the Apache > > Pulsar Helm Chart, we need to merge this PR [0]. If you're able, > > please review it. Once merged, I propose that we follow up with a > > release so that users wanting to upgrade to 2.10.0 have an upgrade > > path. > > > > Thanks, > > Michael > > > > [0] https://github.com/apache/pulsar-helm-chart/pull/266 > > > > > -- > Best Regards, > Neng
