Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(openshift): fix remote write proxy - use unprivileged NGINX #2510

Merged
merged 1 commit into from
Sep 12, 2022
Merged

fix(openshift): fix remote write proxy - use unprivileged NGINX #2510

merged 1 commit into from
Sep 12, 2022

Conversation

kasia-kujawa
Copy link
Contributor

@kasia-kujawa kasia-kujawa commented Sep 8, 2022
edited
Loading

ref:

NGINX Unprivileged Docker Image is owned and maintained by NGINX on both GitHub and Docker Hub, see nginxinc/docker-nginx-unprivileged#19 (comment)

Some details about Nginx on OpenShift can be found here: https://torstenwalter.de/openshift/nginx/2017/08/04/nginx-on-openshift.html

With public.ecr.aws/nginx/nginx:1.21-alpine image following issue occurs on OpenShift 4.10:

% kubectl logs -n sumologic collection-sumologic-remote-write-proxy-5bb47649df-wv2dv  -p
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: can not modify /etc/nginx/conf.d/default.conf (read-only file system?)
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
30-tune-worker-processes.sh: error: can not modify /etc/nginx/nginx.conf (read-only file system?)
/docker-entrypoint.sh: Configuration complete; ready for start up
2022/09/06 15:18:06 [warn] 1#1: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:2
nginx: [warn] the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:2
2022/09/06 15:18:06 [emerg] 1#1: mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied)
nginx: [emerg] mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied)

kubectl get pods -n sumologic  | grep remote
collection-sumologic-remote-write-proxy-5bb47649df-68vcl     0/1     CrashLoopBackOff   9 (76s ago)   22m
collection-sumologic-remote-write-proxy-5bb47649df-gmlfg     0/1     CrashLoopBackOff   9 (69s ago)   22m
collection-sumologic-remote-write-proxy-5bb47649df-wv2dv     0/1     CrashLoopBackOff   9 (81s ago)   22m

@kasia-kujawa kasia-kujawa changed the title fix(openshift): fix remote write proxy -use unprivileged NGINX fix(openshift): fix remote write proxy - use unprivileged NGINX Sep 8, 2022
@github-actions github-actions bot added the documentation documentation label Sep 8, 2022
@kasia-kujawa kasia-kujawa force-pushed the fix-remote-write-proxy branch 4 times, most recently from dedc29a to 4a5cc70 Compare September 8, 2022 15:10
@kasia-kujawa kasia-kujawa marked this pull request as ready for review September 8, 2022 15:22
@kasia-kujawa kasia-kujawa requested a review from a team as a code owner September 8, 2022 15:22
perk-sumo
perk-sumo approved these changes Sep 8, 2022
View reviewed changes
Copy link
Contributor

@perk-sumo perk-sumo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approve pending one comment about using Docker Hub

@kasia-kujawa kasia-kujawa force-pushed the fix-remote-write-proxy branch 2 times, most recently from b41c782 to ad60108 Compare September 12, 2022 11:02
@kasia-kujawa kasia-kujawa merged commit 7bb5f23 into main Sep 12, 2022
@kasia-kujawa kasia-kujawa deleted the fix-remote-write-proxy branch September 12, 2022 11:46
@swiatekm swiatekm mentioned this pull request Oct 17, 2022
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

@perk-sumo perk-sumo perk-sumo approved these changes

@andrzej-stencel andrzej-stencel andrzej-stencel approved these changes

Assignees
No one assigned
Labels
documentation documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kasia-kujawa @perk-sumo @andrzej-stencel