I'd like to start by saying I'm new to Docker/Kubernetes, so I apologize if I get the terminology wrong.
We are trying to get our Docker image to run on Kubernetes. When deployed on Kubernetes, the generated YAML file has these lines:
securityContext:
  runAsUser: 1000
  runAsGroup: 1000
As is, the website doesn't work, but if changed to 0 from 1000, it works.
We suspect that it has to do with apache in our Dockerfile, but haven't been able to figure out how to fix it. Here is the Dockerfile (with ENV and COPY commands removed):
FROM cern/cc7-base
EXPOSE 8083
RUN yum update -y && yum install -y \
    ImageMagick \
    httpd \
    npm \
    php \
    python3-pip
RUN echo "alias python=python3" >>~/.bashrc
RUN yum update -y && yum install -y \
    epel-release \
    root \
    python3-root
COPY requirements.txt /code/requirements.txt
RUN pip3 install -r /code/requirements.txt
RUN mkdir /db /run/secrets
RUN chown -R apache:apache /db /var/www /run/secrets
RUN ln -s /dev/stdout /etc/httpd/logs/access_log
RUN ln -s /dev/stderr /etc/httpd/logs/error_log
RUN chown apache:apache /etc/httpd/logs/error_log
RUN chown apache:apache /etc/httpd/logs/access_log
RUN chmod 666 /etc/httpd/logs/error_log
RUN chmod 666 /etc/httpd/logs/access_log
WORKDIR /webapp
COPY webapp/package.json /webapp/package.json
RUN npm install
COPY webapp /webapp
RUN npm run build
RUN cp -r /webapp/build /var/www/public
RUN cp -r /webapp/build /webapp/public
RUN mkdir /var/www/results /var/www/results/pdfs /var/www/results/pngs /var/www/results/jsons
RUN chmod 777 /var/www/results /var/www/results/pdfs /var/www/results/pngs /var/www/results/jsons
RUN chgrp -R 1000 /run && chmod -R g=u /run
RUN chgrp -R 1000 /etc/httpd/logs && chmod -R g=u /etc/httpd/logs
CMD ["/usr/sbin/httpd","-D","FOREGROUND"]
Some of the things I tried are: How to run Apache as non-root user?, https://www.henryxieblogs.com/2020/01/dockerfile-example-of-linux-nonroot.html, https://takac.dev/docker-run-apache-as-non-root-user-based-on-the-official-image/
I am not sure if they are not addressing my problem, or if I am just executing the solutions wrong.
CodePudding user response:
Changing the location of error_log and access_log in httpd.conf solved this for me. I also changed all the apache:apache to 1000:1000 in the Dockerfile.
I got the idea to change the location of the logs from here:
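Added example, not part of the answer above and not the poster's code: one way to script the log relocation the answer describes, so it can run during the image build. The targets /dev/stderr and /dev/stdout, the function names and the sample config are assumptions; the answer does not say which location it used.

```shell
#!/bin/sh
# Added example (not from the original post). Assumption: the new log
# targets are /dev/stderr and /dev/stdout; the answer does not name its own.

# Rewrite active ErrorLog/CustomLog directives in httpd.conf ($1) in place.
# Commented-out directives and the CustomLog format name are left alone.
relocate_httpd_logs() {
    conf=$1
    tmp=$(mktemp) || return 1
    sed -E \
        -e 's#^([[:space:]]*)ErrorLog[[:space:]]+.*$#\1ErrorLog /dev/stderr#' \
        -e 's#^([[:space:]]*)CustomLog[[:space:]]+("[^"]*"|[^[:space:]]+)(.*)$#\1CustomLog /dev/stdout\3#' \
        "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Print "Directive=target" for every active log directive in $1.
httpd_log_targets() {
    awk '$1 == "ErrorLog" || $1 == "CustomLog" {
             gsub(/"/, "", $2); print $1 "=" $2 }' "$1"
}

# Constructed sample shaped like a stock httpd.conf excerpt.
write_sample_conf() {
    cat > "$1" <<'EOF'
Listen 8083
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    #CustomLog "logs/access_log" common
    CustomLog "logs/access_log" combined
</IfModule>
EOF
}

# Demo: patch the sample and show where httpd would now log.
demo=$(mktemp)
write_sample_conf "$demo"
relocate_httpd_logs "$demo"
httpd_log_targets "$demo"
rm -f "$demo"
```

In an image build the function would be pointed at /etc/httpd/conf/httpd.conf (the CentOS 7 default path) in a RUN step, before ownership of the remaining paths is changed to 1000:1000.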