Hello Jochen, Perfect. Thanks very much pointing this. It worked.
regards, Kuttaiah On Wed, Mar 11, 2020 at 12:15 AM Jochen Schalanda <[email protected]> wrote: > Hi Robin, > > I think you're approaching this from the wrong direction. > > Try setting an appropriate security context for your Kubernetes pod [1] > and make sure to not bind the Dropwizard application to a privileged port > (anything <1024), > then you should be fine. > > The Dropwizard application will run within the configured security context > of the pod and won't have root privileges. > > [1]: > https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod > > > Best regards, > Jochen > > Am 10.03.2020 um 07:42 schrieb Kuttaiah Robin <[email protected]>: > > Hello, > > I did created a dropwizzard microservice as per the documentation in the > k8's cluster. > > When I get into that k8's pod I see it runs as root user. Basically, I > did, whoami within that terminal. This is a security concern for our > production. > > For this reason, I changed the as below; > > DefaultServerFactory defaultServerFactory = (DefaultServerFactory) > getServerFactory(); > defaultServerFactory.setStartsAsRoot(false); > > With this I get; > > ERROR [2020-03-10 06:29:59,267] io.dropwizard.cli.ServerCommand: Unable to > start server, shutting down > ! java.net.SocketException: Permission denied > ! at sun.nio.ch.Net.bind0(Native Method) > ! at sun.nio.ch.Net.bind(Net.java:433) > ! at sun.nio.ch.Net.bind(Net.java:425) > ! at > sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:220) > ! at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:85) > ! at > org.eclipse.jetty.server.ServerConnector.openAcceptChannel(ServerConnector.java:342) > ! at > org.eclipse.jetty.server.ServerConnector.open(ServerConnector.java:307) > ! at > org.eclipse.jetty.setuid.SetUIDListener.lifeCycleStarting(SetUIDListener.java:200) > ! ... 15 common frames omitted > ! Causing: java.lang.RuntimeException: java.net.SocketException: > Permission denied > ! at > org.eclipse.jetty.setuid.SetUIDListener.lifeCycleStarting(SetUIDListener.java:213) > ! at > org.eclipse.jetty.util.component.AbstractLifeCycle.setStarting(AbstractLifeCycle.java:204) > ! at > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:71) > ! at io.dropwizard.cli.ServerCommand.run(ServerCommand.java:53) > ! at io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:45) > ! at io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:87) > ! at io.dropwizard.cli.Cli.run(Cli.java:79) > ! at io.dropwizard.Application.run(Application.java:94) > ! at > com.oracle.insight.dropwizzard.DWMicroservice$DWStartable.start(DWMicroservice.java:80) > ! at > java.util.concurrent.CompletableFuture.uniComposeStage(CompletableFuture.java:995) > ! at > java.util.concurrent.CompletableFuture.thenCompose(CompletableFuture.java:2137) > ! at > oracle.mtms.infra.services.bootstrap.lifecycle.LifecycleServiceImpl.startAdminServer(LifecycleServiceImpl.java:85) > > > > Any help? > > regards, > Robin Kuttaiah > > -- > You received this message because you are subscribed to the Google Groups > "dropwizard-user" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/dropwizard-user/2e5562f9-977f-4c34-8c2a-77c0316ba29e%40googlegroups.com > <https://groups.google.com/d/msgid/dropwizard-user/2e5562f9-977f-4c34-8c2a-77c0316ba29e%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > > -- > You received this message because you are subscribed to the Google Groups > "dropwizard-user" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/dropwizard-user/F91EF470-D4E7-473F-B9B3-94D85DFBF34A%40schalanda.name > <https://groups.google.com/d/msgid/dropwizard-user/F91EF470-D4E7-473F-B9B3-94D85DFBF34A%40schalanda.name?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "dropwizard-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/dropwizard-user/CAP%2B9362-teT86vrKO6uE6xJoST34ub4LJxEtoBcOThaVCE%3DDqg%40mail.gmail.com.
