Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integration can't start as non-root if it was created wit Jib #6038

Closed
mss55 opened this issue Jan 17, 2025 · 1 comment
Closed

Integration can't start as non-root if it was created wit Jib #6038

mss55 opened this issue Jan 17, 2025 · 1 comment
Labels
kind/bug Something isn't working

Comments

@mss55
Copy link

mss55 commented Jan 17, 2025

What happened?

Integration created with JIB strategy can't be running with non-root privilege.

Pod crashed with log:

Error: Could not find or load main class io.quarkus.bootstrap.runner.QuarkusEntryPoint
Caused by: java.lang.ClassNotFoundException: io.quarkus.bootstrap.runner.QuarkusEntryPoint

I created container with kit image manually docker run --rm -it --user 1001:1001 --entrypoint bash camel-k-kit-cu4h8ob6evos739qojvg:395852198
, run bash and inspect files permission:

I have no name!@60e635e71a4f:/$ id
uid=1001 gid=1001 groups=1001

I have no name!@60e635e71a4f:/$ ls -ld /deployments/
drwxr-xr-x 3 root root 4096 Jan  1  1970 /deployments/

I have no name!@60e635e71a4f:/$ ls -ld /deployments/dependencies/
dr-xr--r-- 5 root root 4096 Jan  1  1970 /deployments/dependencies/

I have no name!@60e635e71a4f:/$ ls -ld /deployments/dependencies/*
ls: cannot access '/deployments/dependencies/app': Permission denied
ls: cannot access '/deployments/dependencies/lib': Permission denied
ls: cannot access '/deployments/dependencies/quarkus': Permission denied
ls: cannot access '/deployments/dependencies/quarkus-app-dependencies.txt': Permission denied
ls: cannot access '/deployments/dependencies/quarkus-run.jar': Permission denied

Directory /deployments/dependencies/ doesn't have X (list) permission for other users and jar files inside can't be accessed.

Integration kit created with Spectrum publish strategy starts normally.

Steps to reproduce

  1. Install IntegrationPlatform with Publish Strategy: Jib
  2. Run any integration as non-root user kamel run hello.groovy --trait security-context.run-as-user=1001
  3. Inspect integration pod logs

Relevant log output

Error: Could not find or load main class io.quarkus.bootstrap.runner.QuarkusEntryPoint
Caused by: java.lang.ClassNotFoundException: io.quarkus.bootstrap.runner.QuarkusEntryPoint

Camel K version

2.5.0
@mss55 mss55 added the kind/bug Something isn't working label Jan 17, 2025
@squakez
Copy link
Contributor

squakez commented Jan 18, 2025

This is fixed within upcoming version 2.6.0 (see #5960). You can run your application with any user now:

$ ./kamel run test.yaml -t security-context.run-as-user=1001 --dev
Integration "test" created
...
[1] Monitoring pod test-6c666694d8-99n5q
[1] 2025-01-18 08:23:36,208 INFO  [org.apa.cam.k.Runtime] (main) Apache Camel K Runtime 3.15.0
[1] 2025-01-18 08:23:36,288 INFO  [org.apa.cam.qua.cor.CamelBootstrapRecorder] (main) Apache Camel Quarkus 3.15.0 is starting

@squakez squakez closed this as completed Jan 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mss55 @squakez