Running Sombra as a non-root user
Running Sombra as a non-root user is an experimental feature. If a feature is not working as expected, please contact support.
Sombra spawns Custom Function processes as a separate, locked-down user. However, when Sombra is not run as the root user, it cannot spawn a process as a different user. Since you're already running Sombra as a non-root user, we recommend running the Custom Function as the same user.
- Set the `CUSTOM_FUNCTION_EXECUTION_UID` environment variable to the UID of the user running Sombra.
- Set the `CUSTOM_FUNCTION_EXECUTION_GID` environment variable to the GID of the user running Sombra.
For example, if your Kubernetes cluster has a security context like this:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: sombra-fdff6cdbc-b8vd5
# ...
spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 3000
    runAsNonRoot: true
```
Then you should set:
```sh
CUSTOM_FUNCTION_EXECUTION_UID=1000
CUSTOM_FUNCTION_EXECUTION_GID=3000
```
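A preflight check for the two settings above, as an added example that is not part of the Sombra documentation: it compares both variables with the UID and GID the process is actually running as, so a mismatch with the pod's security context is caught before Sombra starts. The helper name `check_cf_ids` is hypothetical, and running it from a container entrypoint is an assumption.

```shell
#!/bin/sh
# Added example (not Sombra's own code). check_cf_ids is a hypothetical helper.
# Usage: check_cf_ids [uid] [gid]
#   With no arguments it compares against the IDs of the current process,
#   which is what you want when it runs inside the Sombra container.
check_cf_ids() {
    run_uid="${1:-$(id -u)}"
    run_gid="${2:-$(id -g)}"
    rc=0

    for pair in "CUSTOM_FUNCTION_EXECUTION_UID:$run_uid" \
                "CUSTOM_FUNCTION_EXECUTION_GID:$run_gid"; do
        name="${pair%%:*}"   # variable to inspect
        want="${pair##*:}"   # ID the process really runs as
        # $name only ever holds one of the two literals above, so eval is safe.
        eval "have=\${$name:-}"
        case "$have" in
            '')
                echo "$name is not set (expected $want)" >&2
                rc=1 ;;
            *[!0-9]*)
                echo "$name='$have' is not a numeric ID" >&2
                rc=1 ;;
            "$want")
                ;;  # matches the running user or group
            *)
                echo "$name=$have does not match running ID $want" >&2
                rc=1 ;;
        esac
    done
    return "$rc"
}
```

Called as `check_cf_ids || exit 1` before starting Sombra, it stops the container when either variable is missing, non-numeric, or different from the running user or group.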