Hi team,
following this https://www.axoniq.io/blog/running-axon-server-in-docker-continuing-from-local-developer-install-to-containerized,I wanted to make the change of running axon as non-root for security concerns.
However, after adding these Dockerfile changes in regards to user creation,
getting following error:
Caused by: org.h2.jdbc.JdbcSQLException: The database is read only; SQL statement:
delete from "flyway_schema_history" where "type" = 'DELETE' or "success" = false [90097-197]
Dockerfile user creation:
RUN addgroup --system --gid 1001 axonserver \
&& adduser --system --uid 1001 --home /axonserver axonserver \
&& usermod -a -G axonserver axonserver \
&& mkdir -p /axonserver/config /axonserver/data /axonserver/events /axonserver/log /axonserver/exts /axonserver/plugins \
&& chown -R axonserver:axonserver /axonserver
COPY --from=source /etc/passwd /etc/group /etc/
COPY --from=source --chown=axonserver /axonserver /axonserver
COPY --chown=axonserver axonserver.jar axonserver.properties /axonserver/
USER axonserver
WORKDIR /axonserver
VOLUME [ "/axonserver/config", "/axonserver/data", "/axonserver/events", "/axonserver/log", "/axonserver/exts", "/axonserver/plugins" ]
EXPOSE 8024/tcp 8124/tcp 8224/tcp
ENTRYPOINT [ "java", "-jar", "./axonserver.jar" ]
In the StatefulSet, added
template:
metadata:
labels:
app: axonserver
spec:
securityContext:
runAsUser: 1001
fsGroup: 1001
Any idea what I could be missing?