[midPoint] How to run in Kubernetes with a non-root user

AXP axp.p at tiscali.it
Fri Oct 4 20:09:41 CEST 2024


Hello,

In my project I tried with success to run midPoint in Docker, following 
the detailed documentation.
Now I need to move the project to vanilla Kubernetes, but we have some 
security restrictions from the k8s service provider: the container must be 
run as a non-root user.
I needed to add the following securityContext configuration:

securityContext:
   allowPrivilegeEscalation: false
   capabilities:
     drop:
     - ALL
   runAsNonRoot: true
   runAsUser: 1000
   fsGroup: 1000

When executing the init container, it gives the following error; it seems 
it is not possible to write to the var directory. The related persistent 
volume has been correctly created in k8s and mounted:

MP_INIT_DB variable with target for DB init files was not set - skipping 
db init file processing...
Initializing native structure of the db...
cp: can't create 'opt/midpoint/var/config.xml': No such file or directory
  - - - - - -
Applying setenv.sh from /opt/midpoint/bin directory.
Processing variable (MAP) ... midpoint.repository.jdbcUrl .:. 
jdbc:postgresql://mypg:5432/mydb
Processing variable (MAP) ... 
midpoint.repository.upgradeableSchemaAction .:. stop
Processing variable (MAP) ... midpoint.repository.hibernateHbm2ddl .:. none
Processing variable (MAP) ... midpoint.taskManager.clustered .:. true
Processing variable (MAP) ... file.encoding .:. UTF8
Processing variable (MAP) ... 
midpoint.repository.initializationFailTimeout .:. 60000
Processing variable (MAP) ... midpoint.nodeIdSource .:. hostname
Processing variable (MAP) ... midpoint.logging.alt.enabled .:. true
Processing variable (MAP) ... midpoint.repository.missingSchemaAction 
.:. create
Processing variable (MAP) ... midpoint.repository.database .:. postgresql
Processing variable (MAP) ... midpoint.repository.jdbcUsername .:. ****
Processing variable (MAP) ... midpoint.administrator.initialPassword .:. 
*****
Processing variable (MAP) ... midpoint.repository.jdbcPassword .:. *****
[INFO]
[INFO] Starting run sql scripts
[INFO]
[ERROR] Midpoint home config xml file '/opt/midpoint/var/config.xml' 
doesn't exist


I followed the simple and advanced examples in the GitHub documentation 
with no luck 
(https://github.com/Evolveum/midpoint-kubernetes/tree/main/deployment/advanced); 
I have not found any configuration to run as non-root. Ideas?

Thanks in advance,
AXP
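As an added check that is not part of the original post: in the Kubernetes core/v1 API, fsGroup exists only on the pod-level securityContext, while capabilities and allowPrivilegeEscalation exist only on a container's securityContext, so the snippet above cannot be accepted as one block at either level. The script below validates where each field belongs and that runAsNonRoot, allowPrivilegeEscalation: false and capabilities.drop: [ALL] take effect on every init container and container; the embedded pod manifest is constructed from the values in the post (container names and the PVC name are assumed).

```python
import json

# Kubernetes core/v1: fields that exist only on PodSecurityContext vs. only on a
# container's SecurityContext; fields on both (runAsUser, ...) resolve container-first.
POD_ONLY = {"fsGroup", "fsGroupChangePolicy", "supplementalGroups", "sysctls"}
CONTAINER_ONLY = {"capabilities", "allowPrivilegeEscalation", "privileged",
                  "readOnlyRootFilesystem", "procMount"}

def effective(container_sc, pod_sc, key):
    """Container-level value overrides the pod-level value for shared fields."""
    return container_sc.get(key, pod_sc.get(key))

def check_pod(pod):
    """Return a list of findings; an empty list means the pod passes the checks."""
    findings = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    for key in pod_sc:
        if key in CONTAINER_ONLY:
            findings.append(f"pod securityContext: '{key}' is a container-level field")
    if pod_sc.get("fsGroup") is None and spec.get("volumes"):
        findings.append("pod securityContext: volumes present but fsGroup not set, "
                        "so a non-root UID may be unable to write to them")
    for kind in ("initContainers", "containers"):
        for c in spec.get(kind, []):
            where, sc = f"{kind}/{c.get('name', '?')}", c.get("securityContext") or {}
            for key in sc:
                if key in POD_ONLY:
                    findings.append(f"{where}: '{key}' is a pod-level field, not valid here")
            if effective(sc, pod_sc, "runAsNonRoot") is not True:
                findings.append(f"{where}: runAsNonRoot is not true")
            if effective(sc, pod_sc, "runAsUser") == 0:
                findings.append(f"{where}: runAsUser is 0")
            if sc.get("allowPrivilegeEscalation") is not False:
                findings.append(f"{where}: allowPrivilegeEscalation is not false")
            dropped = [x.upper() for x in (sc.get("capabilities") or {}).get("drop", [])]
            if "ALL" not in dropped:
                findings.append(f"{where}: capabilities.drop does not include ALL")
    return findings

# Constructed sample: the securityContext from the post placed on the init
# container exactly as written (fsGroup included), plus an assumed PVC for /opt/midpoint/var.
SAMPLE_POD = json.loads("""{"apiVersion": "v1", "kind": "Pod", "spec": {
  "volumes": [{"name": "midpoint-var", "persistentVolumeClaim": {"claimName": "midpoint-var"}}],
  "initContainers": [{"name": "midpoint-init", "securityContext": {
      "allowPrivilegeEscalation": false, "capabilities": {"drop": ["ALL"]},
      "runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 1000}}],
  "containers": [{"name": "midpoint"}]}}""")
```

Running check_pod(SAMPLE_POD) reports fsGroup as misplaced on the init container and as missing at pod level, and flags the main container for carrying none of the restricted settings.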