I'm trying to achieve a rootless PHP-FPM pod running in Kubernetes.
I tried simply running the process in a Kubernetes pod via an init script that does php-fpm -FO as the www-data user, but it complains about not having permissions to access /dev/stderr (log output location). Adding the www-data user to the tty group also didn't help.
I tried specifying another location like /proc/self/fd/2 and even /dev/pts/1 as log location but to no avail.
Funny thing is, when I run docker run -itd app:latest su -l www-data -s /bin/sh -c php-fpm -FO &, basically the same startup command via Docker directly, it starts and works just fine.
I don't have any securityContext configured in Kubernetes that could keep the process from starting normally.
Any suggestions/ideas to try?
If you experience the same error on different public apps, it may indicate an issue with GKE. You can report it via Issue Tracker.
If this error is specific to this app, consider a different logging aggregator, for example the sidecar pattern.
There's more information regarding logging on GKE in this document.
Additionally, if you are using cOS with Docker, you should switch to the containerd version because the former has been deprecated.
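
The sidecar pattern mentioned in the answer above, sketched as an added example that is not part of the original thread: PHP-FPM runs as a non-root UID and logs to a file on a shared emptyDir instead of /dev/stderr, and a second container streams that file to its own stdout. The resource names, UID/GID 33 for www-data, the busybox image and all paths are assumptions to adapt to your image.

```yaml
# Added example (constructed); names, UID 33 and paths are assumptions.
apiVersion: v1
kind: ConfigMap
metadata:
  name: fpm-conf
data:
  php-fpm.conf: |
    [global]
    ; log to a file on the shared volume instead of /dev/stderr
    error_log = /var/log/php-fpm/error.log
    [www]
    ; user/group are ignored with a notice when FPM is not started as root
    user = www-data
    group = www-data
    listen = 9000
    pm = static
    pm.max_children = 2
---
apiVersion: v1
kind: Pod
metadata:
  name: php-fpm-rootless
spec:
  securityContext:
    runAsNonRoot: true   # kubelet refuses to start a container as UID 0
    runAsUser: 33        # assumed UID of www-data in the image
    runAsGroup: 33
    fsGroup: 33          # emptyDir becomes group-writable for GID 33
  volumes:
    - name: logs
      emptyDir: {}
    - name: conf
      configMap:
        name: fpm-conf
  containers:
    - name: php-fpm
      image: app:latest
      command: ["php-fpm", "-F", "-y", "/etc/fpm/php-fpm.conf"]
      volumeMounts:
        - {name: logs, mountPath: /var/log/php-fpm}
        - {name: conf, mountPath: /etc/fpm, readOnly: true}
    - name: log-streamer
      image: busybox:1.36
      # tail -F waits for the file to appear and follows it across rotation
      command: ["tail", "-n+1", "-F", "/var/log/php-fpm/error.log"]
      volumeMounts:
        - {name: logs, mountPath: /var/log/php-fpm, readOnly: true}
```

With this layout, `kubectl logs php-fpm-rootless -c log-streamer` shows the FPM error log, and the PHP-FPM container never has to open a device node owned by another user.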