This is with OpenShift Container Platform 4.3.
```dockerfile
FROM eclipse-mosquitto

# Create folders
USER root
RUN mkdir -p /mosquitto/data /mosquitto/log

# mosquitto configuration
USER mosquitto
# This is crucial to me
COPY --chown=mosquitto:mosquitto ri45.conf /mosquitto/config/mosquitto.conf

EXPOSE 1883
```
And, this is my YAML:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mosquitto-broker
spec:
  selector:
    matchLabels:
      app: mosquitto-broker
  template:
    metadata:
      labels:
        app: mosquitto-broker
    spec:
      containers:
      - name: mosquitto-broker
        image: org/repo/eclipse-mosquitto:1.0.1
        imagePullPolicy: Always
        resources:
          limits:
            memory: "128Mi"
            cpu: "500m"
        volumeMounts:
        - name: mosquitto-data
          mountPath: /mosquitto/data
        - name: mosquitto-log
          mountPath: /mosquitto/log
        ports:
        - name: mqtt
          containerPort: 1883
      volumes:
      - name: mosquitto-log
        persistentVolumeClaim:
          claimName: mosquitto-log
      - name: mosquitto-data
        persistentVolumeClaim:
          claimName: mosquitto-data
```
When I do an `oc create -f` with the above YAML, I get this error:

```
2020-06-02T07:59:59: Error: Unable to open log file /mosquitto/log/mosquitto.log for writing.
```

Maybe this is a permissions error; can’t tell. Anyway, going by the `Dockerfile`, I see that `mosquitto` is a user with UID and GID of `1883`. So, I added the `securityContext` as described here.
```yaml
securityContext:
  fsGroup: 1883
```
When I do an `oc create -f` with this modification, I get this error:

```
securityContext.securityContext.runAsUser: Invalid value: 1883: must be in the ranges: [1002120000, 1002129999].
```
This approach of adding an `initContainer` to set permissions on volume does not work for me because I have to be `root` to do that.
So, how do I enable the Eclipse mosquitto container to write to
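Why the API server rejects `1883`, as an added example that is not part of the original post: OpenShift allocates each namespace a UID block in the `openshift.io/sa.scc.uid-range` annotation, and a range-enforcing SCC checks `runAsUser` against it. The annotation value below is constructed to match the range in the error above; `parse_range` and `admit` are hypothetical helper names, and the pod is assumed to be admitted under an SCC whose `runAsUser` strategy is `MustRunAsRange`.

```python
import re

# Constructed namespace annotation, chosen to match the range quoted in the
# error message above ([1002120000, 1002129999]). The real value is shown by
# `oc get namespace <name> -o yaml`.
ANNOTATIONS = {"openshift.io/sa.scc.uid-range": "1002120000/10000"}


def parse_range(block):
    """Turn a '<start>/<size>' block into an inclusive (low, high) pair."""
    match = re.fullmatch(r"(\d+)/(\d+)", block.strip())
    if not match or int(match.group(2)) < 1:
        raise ValueError(f"unrecognised range block: {block!r}")
    start, size = int(match.group(1)), int(match.group(2))
    return start, start + size - 1


def admit(pod_spec, annotations=ANNOTATIONS):
    """Return (uids, rejected): the UID each container would run as, and the
    runAsUser values a MustRunAsRange strategy refuses (assumed strategy)."""
    low, high = parse_range(annotations["openshift.io/sa.scc.uid-range"])
    pod_uid = (pod_spec.get("securityContext") or {}).get("runAsUser")
    uids, rejected = {}, []
    for container in pod_spec.get("containers", []):
        sc = container.get("securityContext") or {}
        # A container-level runAsUser overrides the pod-level one.
        requested = sc.get("runAsUser", pod_uid)
        if requested is None:
            # Nothing requested: the range minimum is assigned, so the
            # image's USER (mosquitto, 1883) is not what the process runs as.
            uids[container["name"]] = low
        elif low <= requested <= high:
            uids[container["name"]] = requested
        else:
            rejected.append(f"{container['name']}: runAsUser {requested} "
                            f"must be in [{low}, {high}]")
    return uids, rejected


if __name__ == "__main__":
    # Constructed pod specs: one pins the image's UID, one leaves it unset.
    pinned = {"securityContext": {"runAsUser": 1883},
              "containers": [{"name": "mosquitto-broker"}]}
    unset = {"containers": [{"name": "mosquitto-broker"}]}
    print(admit(pinned))
    print(admit(unset))
```

The second result shows what the data and log directories actually have to be writable by: the namespace-assigned UID, not the UID baked into the image.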