docker image only runs on kubernetes if runAsGroup, runAsUser are changed to 0 from 1000

Time:03-10

I'd like to start by saying that I'm new to Docker/Kubernetes, so I apologize if I get the terminology wrong.

We are trying to get our docker image to run on kubernetes. When deployed on kubernetes, the yaml file generated has this line:

securityContext:
    runAsUser: 1000
    runAsGroup: 1000

As is, the website doesn't work, but if changed to 0 from 1000, it works.

We suspect that it has to do with apache in our Dockerfile, but haven't been able to figure out how to fix it. Here is the Dockerfile (with ENV and COPY commands removed):

FROM cern/cc7-base
EXPOSE 8083

RUN yum update -y && yum install -y \
      ImageMagick \
      httpd \
      npm \
      php \
      python3-pip  

RUN echo "alias python=python3" >>~/.bashrc

RUN yum update -y && yum install -y \
      epel-release \
      root \
      python3-root


COPY requirements.txt /code/requirements.txt
RUN pip3 install -r /code/requirements.txt

RUN mkdir /db /run/secrets
RUN chown -R apache:apache /db /var/www /run/secrets

RUN ln -s /dev/stdout /etc/httpd/logs/access_log
RUN ln -s /dev/stderr /etc/httpd/logs/error_log

RUN chown apache:apache /etc/httpd/logs/error_log  
RUN chown apache:apache /etc/httpd/logs/access_log  
RUN chmod 666 /etc/httpd/logs/error_log
RUN chmod 666 /etc/httpd/logs/access_log

WORKDIR /webapp
COPY webapp/package.json /webapp/package.json
RUN npm install

COPY webapp /webapp
RUN npm run build
RUN cp -r /webapp/build /var/www/public
RUN cp -r /webapp/build /webapp/public

RUN mkdir /var/www/results /var/www/results/pdfs /var/www/results/pngs /var/www/results/jsons
RUN chmod 777 /var/www/results /var/www/results/pdfs /var/www/results/pngs /var/www/results/jsons

RUN chgrp -R 1000 /run && chmod -R g=u /run
RUN chgrp -R 1000 /etc/httpd/logs && chmod -R g=u /etc/httpd/logs

CMD ["/usr/sbin/httpd","-D","FOREGROUND"]

Some of the things I tried are: How to run Apache as non-root user?, https://www.henryxieblogs.com/2020/01/dockerfile-example-of-linux-nonroot.html, https://takac.dev/docker-run-apache-as-non-root-user-based-on-the-official-image/

I am not sure if they are not addressing my problem, or if I am just executing the solutions wrong.

CodePudding user response:

Changing the location of error_log, access_log in httpd.conf solved this for me. I also changed all the apache:apache to 1000:1000 in the Dockerfile.

I got the idea to change the location of the logs from here:

https://stackoverflow.com/a/525724/9062782
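
A way to see which paths a given runAsUser/runAsGroup pair cannot write, before deciding what to chown or relocate. This is an added example, not part of the original question or answer; the function names and the script name audit.sh are hypothetical. It assumes `stat -c` (GNU coreutils or BusyBox), considers only the primary GID (no supplementary groups or fsGroup), and treats UID 0 as always allowed.

```shell
#!/bin/sh
# Added example: report which paths a container UID/GID cannot write,
# judged from owner, group and mode bits as reported by `stat -c`.
# Assumptions: only the primary GID is considered (no supplementary groups
# or fsGroup), ACLs are ignored, and UID 0 is treated as always allowed.

# can_write UID GID PATH: exit 0 if the mode bits grant write access,
# 1 if they do not, 2 if PATH cannot be inspected (for example, missing).
can_write() {
    [ "$1" -eq 0 ] && return 0
    cw_info=$(stat -L -c '%u %g %a' "$3" 2>/dev/null) || return 2
    cw_owner=${cw_info%% *}; cw_rest=${cw_info#* }
    cw_group=${cw_rest%% *}; cw_mode=$((0${cw_rest#* }))
    # Exactly one permission class applies: owner, else group, else other.
    if [ "$1" -eq "$cw_owner" ]; then cw_shift=6
    elif [ "$2" -eq "$cw_group" ]; then cw_shift=3
    else cw_shift=0
    fi
    cw_need=2                    # files: write bit
    [ -d "$3" ] && cw_need=3     # directories: write + search, to create files
    [ $(( (cw_mode >> cw_shift) & cw_need )) -eq "$cw_need" ]
}

# audit_paths UID GID PATH...: print one line per path and
# exit non-zero if any path is denied or missing.
audit_paths() {
    ap_uid=$1; ap_gid=$2; shift 2
    ap_denied=0
    for ap_path in "$@"; do
        if can_write "$ap_uid" "$ap_gid" "$ap_path"; then
            echo "ok    $ap_path"
        else
            ap_meta=$(stat -L -c '%U:%G %a' "$ap_path" 2>/dev/null) || ap_meta=missing
            echo "DENY  $ap_path ($ap_meta)"
            ap_denied=$((ap_denied + 1))
        fi
    done
    [ "$ap_denied" -eq 0 ]
}

# Example, run inside the container with paths from the Dockerfile above:
#   sh audit.sh 1000 1000 /run /etc/httpd/logs /db /run/secrets /var/www/results
if [ "$#" -ge 3 ]; then audit_paths "$@"; fi
```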
