We need a separate container for this.
We should make PMM Server Docker image Kubernetes-compatible.
- Use /readyz API for Docker HEALTHCHECK – moved to PMM-3019.
- Do not use root user anywhere inside container – except for in-place updates:
- Remove logrotate; use logging to stdout/stderr and supervisord for managing log files;
- Remove crond and all cron jobs;
- Use pmm user for nginx; listen in ports > 1023 – moved to PMM-4996;
- Start programs as pmm user;
- Start supervisord itself as pmm user;
- There may be more unexpected problems.
- In-place updates for non-k8s environments should not be broken.
(Comments below refer to the work done for PMM 1.x. See also previous discussion on PMM-354)
QA: run usual automation, check there is no root inside