Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Image kong/kong-gateway:3.5.0.3-amazonlinux-2023 does not allow write permissions for kong user #696

Open
lays147 opened this issue Feb 19, 2024 · 6 comments
Open

Image kong/kong-gateway:3.5.0.3-amazonlinux-2023 does not allow write permissions for kong user #696

lays147 opened this issue Feb 19, 2024 · 6 comments

Comments

@lays147
Copy link

lays147 commented Feb 19, 2024

Hi,

I'm using a Dockerfile with the kong/kong-gateway:3.5.0.3-amazonlinux-2023 and my plugins fail to start because apparently the kong user does not have written permissions to /usr/local/kong.

This problem does not occur using the image kong/kong-gateway:3.2.1.0-amazonlinux-2022 and kong:3.5-ubuntu for example.

The permissions of the folder are:
image

I'm seeking for advice on where to look to investigate this issue.
@hanshuebner
Copy link
Contributor

Hello @lays147,

sorry for taking long to respond: The /usr/local/kong directory should not be written to by plugins. It is preferable to create files under /var.

Can you explain why your plugins need to write to /usr/local/kong?

-Hans

@lays147
Copy link
Author

lays147 commented Mar 18, 2024
edited

Well, all the docs around plugins relate to adding the binaries to /usr/local/kong see: https://docs.konghq.com/gateway/latest/plugin-development/pluginserver/go/

There is NO documentation under Kong docs about the good practices where the plugins should be, and the issues that one can find on using it.

I don't have that issue on using the kong-ubuntu version, only with the amazonlinux one.

cc @hanshuebner

@hanshuebner
Copy link
Contributor

@lays147 I'm not sure I understand what you're looking for. In your description, you write that your plugins "fail to start" because they cannot write to /usr/local/kong. This seems to indicate that your plugin code wants to write some files to /usr/local/kong. Generally, I would advise against doing that and instead choose a path under /var when writing files from the plugin. If what you're trying is to write to /usr/local/kong from your Dockerfile, you can use the USER instruction in your Dockerfile to switch to the root user before copying files.

I understand that our documentation could be better. If you have a specific suggestion, feel free to contribute to docs.konghq.com - If you start a certain page that you feel is missing, we can add to it with our specific knowledge.

@lays147
Copy link
Author

lays147 commented Mar 19, 2024

@hanshuebner the problem is that the kong user does not have write permissions under /usr/local/kong where it creates the .socket files. The documentation points to that path as default, for the creation of it.

image

@hanshuebner
Copy link
Contributor

@lays147 You mentioned that you're using a custom Dockerfile - Can you add RUN chown kong /usr/local/kong to that so that the incorrect permissions set up by the container are fixed? This seems like a bug in the Amazon Linux container which we'll need to fix.

@lays147
Copy link
Author

lays147 commented Mar 19, 2024

@hanshuebner I changed to use the kong-ubuntu based image, since this one is recommended for enterprise users, which I'm not. I just reported the bug :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hanshuebner @lays147