The Apache Pulsar community produces the apachepulsar/pulsar docker image with each official release.
Since the 2.10.0 release, these docker images run as an unnamed, non-root user that is also part of the root group, by default. This was done to increase container security. The user is part of the root group to ensure that the container image can easily run on OpenShift and to ensure that the Pulsar process can write to configuration files.
You can build and test the docker image on your own machine by running the ./build.sh script in this directory. Note that you first must build the project in order to have the right dependencies in your local environment.
If you want to use a connector, you can easily build an image with a curated list of connectors based on the official Apache Pulsar image. For more information please see the Pulsar Connectors repository.
Troubleshooting is harder because the docker image runs as a non-root user. For example, a non-root user won't be able to download arbitrary utilities. There are several ways to troubleshoot.
One option is to build a custom docker image that includes your preferred debugging tools. Here is an example of adding some tools to an existing docker image.
FROM apachepulsar/pulsar:2.10.0 # Switch to root user to download tools USER 0 # Install your preferred utilities RUN apt-get update \ && apt-get install -y vim net-tools unzip \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* # Assuming you still want to run as a non root user by default USER 10000
The remaining debug options depend on your environment. For example, if you have access to the host running your container, you might be able to use the docker exec command to shell into the container. By using the --user argument, you can run as the root user.
If you‘re running your container on kubernetes, you can override the container’s default user by setting the pod's securityContext.
Bitnami provides a helpful guide here: https://engineering.bitnami.com/articles/running-non-root-containers-on-openshift.html.