这是流利的Docker镜像:https://github.com/fluent/fluentd-docker-image
以下是Dockerfile:
FROM fluent/fluentd:onbuild
USER root
# below RUN includes two plugins as examples
# elasticsearch and record-reformer are not required
# you may customize including plugins as you wish
RUN apk add --update --virtual .build-deps \
sudo build-base ruby-dev \
&& sudo -u fluent gem install \
fluent-plugin-elasticsearch \
fluent-plugin-record-reformer \
&& sudo -u fluent gem sources --clear-all \
&& apk del .build-deps \
&& rm -rf /var/cache/apk/* \
/home/fluent/.gem/ruby/2.3.0/cache/*.gem
USER fluent
EXPOSE 24284
将其作为泊坞窗图像运行后
docker exec -it b3c565091160 /bin/sh
cat /etc/passwd
fluent:x:1000:1000::/home/fluent:
和
/home/fluent # ps -ef
PID USER TIME COMMAND
1 root 0:00 {fluentd} /usr/bin/ruby /usr/bin/fluentd -c /fluentd/etc/fluent.conf -p /fluentd/plugins
8 root 0:12 {fluentd} /usr/bin/ruby /usr/bin/fluentd -c /fluentd/etc/fluent.conf -p /fluentd/plugins
22 root 0:00 /bin/sh
28 root 0:00 ps -ef
/home/fluent # whoami
root
如何以流利的用户身份运行此Fluentd,特别是用户1000而不是ROOT?
答案 0 :(得分:0)
您必须在entrypoint.sh中对其进行调整 fluentd具有二进制启动命令,就像容器中的每个应用程序一样。 大多数情况下,此应用程序是从entrypoint.sh
启动的在这里我看不到entrypoint.sh或启动应用程序的位置? 首先,将设置此应用程序运行的ID。
答案 1 :(得分:0)
最后,我构建了自己的 flunentd 映像,以 centos 作为基础映像
运行:
docker run -v [pathOfDirectoryHaving fluent.conf]/:/etc/fluent/ -p 24224:24224 -d --name <Image Name>
DOCKERFILE
FROM centos:7
# Complete the core fluentd install:
# - Create a fluent user/group for this container to run as.
# - Install which RPM (required by RVM installer).
# - Load GPG key for RVM.
# - Install RVM.
# - Use RVM to install Ruby 2.4 and make it the default Ruby version.
# - Install Fluentd and Fluentd-Kafka gems.
# - Clean up the build-support RPMs installed by the RVM installer (by using yum history undo we also remove the dependent RPMs).
# - Run rvm cleanup to wipe out leftover Ruby source files.
RUN groupadd -g 1000 fluent && \
useradd -g fluent -u 1000 -m fluent && \
yum install -y which && \
# https://rvm.io/rvm/security
gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB && \
curl -sSL https://get.rvm.io | bash -s stable && \
/bin/bash -c "source /etc/profile.d/rvm.sh && \
rvm install 2.4 && \
rvm use 2.4 --default && \
gem install fluentd -v 1.6.3 --no-document && \
gem install fluent-plugin-kafka -v 0.7.9 --no-document && \
gem install fluent-plugin-record-modifier --no-document && \
gem install fluent-plugin-secure-forward --no-document && \
rvm cleanup all" && \
mkdir /etc/fluent && \
yum -y --setopt=tsflags=noscripts remove libffi-devel-* && \
yum history -y undo last && \
yum -y clean all && \
#rpm --rebuilddb && \
#package-cleanup --problems && \
rm -rf /var/lib/yum/yumdb/*
# We expose port 24224 for the fluentd listener.
EXPOSE 24224
# Run fluentd as the fluent user (UID 1000). We must specify the user as a UID so that Kubernetes can determine
# that this container runs as a non-root user.
USER 1000
# Since we need to source /etc/profile.d/rvm.sh to populate PATH and other variables before invoking fluentd, use
# a bash login shell that in turn invokes fluentd.
ENTRYPOINT [ "/bin/bash", "-lc", "fluentd" ]