当前位置: 文江博客 话题详情

如果 runAsGroup、runAsUser 从 1000 更改为 0,则 docker 镜像仅在 kubernetes 上运行

发布于 2025-01-10 11:07:52 字数 2324 浏览 0 评论 0 原文

首先,我是 docker/kubernetes 的新手,所以如果我弄错了术语,我深表歉意。

我们正在尝试让我们的 docker 镜像在 kubernetes 上运行。当部署在 kubernetes 上时,生成的 yaml 文件有这样一行:

securityContext:
    runAsUser: 1000
    runAsGroup: 1000

As is, the website does not work, but if change to 0 from 1000, it Works。

我们怀疑它与 Dockerfile 中的 apache 有关,但无法弄清楚如何修复它。这是 Dockerfile(删除了 ENV 和 COPY 命令):

FROM cern/cc7-base
EXPOSE 8083

RUN yum update -y && yum install -y \
      ImageMagick \
      httpd \
      npm \
      php \
      python3-pip  

RUN echo "alias python=python3" >>~/.bashrc

RUN yum update -y && yum install -y \
      epel-release \
      root \
      python3-root


COPY requirements.txt /code/requirements.txt
RUN pip3 install -r /code/requirements.txt

RUN mkdir /db /run/secrets
RUN chown -R apache:apache /db /var/www /run/secrets

RUN ln -s /dev/stdout /etc/httpd/logs/access_log
RUN ln -s /dev/stderr /etc/httpd/logs/error_log

RUN chown apache:apache /etc/httpd/logs/error_log  
RUN chown apache:apache /etc/httpd/logs/access_log  
RUN chmod 666 /etc/httpd/logs/error_log
RUN chmod 666 /etc/httpd/logs/access_log

WORKDIR /webapp
COPY webapp/package.json /webapp/package.json
RUN npm install

COPY webapp /webapp
RUN npm run build
RUN cp -r /webapp/build /var/www/public
RUN cp -r /webapp/build /webapp/public

RUN mkdir /var/www/results /var/www/results/pdfs /var/www/results/pngs /var/www/results/jsons
RUN chmod 777 /var/www/results /var/www/results/pdfs /var/www/results/pngs /var/www/results/jsons

RUN chgrp -R 1000 /run && chmod -R g=u /run
RUN chgrp -R 1000 /etc/httpd/logs && chmod -R g=u /etc/httpd/logs

CMD ["/usr/sbin/httpd","-D","FOREGROUND"]

我尝试过的一些操作是: 如何以非 root 用户身份运行 Apache?, https://www.henryxieblogs.com/2020/01/dockerfile-example-of-linux-nonroot.htmlhttps://takac.dev/docker-run-apache-as-non-root-user-based-on-the-official-image/

我不确定他们是否没有解决我的问题,或者如果我只是错误地执行了解决方案。

原文

I'd like to start with I'm new to docker/kubernetes, so I apologize if I get terminologies wrong.

We are trying to get our docker image to run on kubernetes. When deployed on kubernetes, the yaml file generated has this line:

securityContext:
    runAsUser: 1000
    runAsGroup: 1000

As is, the website doesn't work, but if changed to 0 from 1000, it works.

We suspect that it has to do with apache in our Dockerfile, but haven't been able to figure out how to fix it. Here is the Dockerfile (with ENV and COPY commands removed):

FROM cern/cc7-base
EXPOSE 8083

RUN yum update -y && yum install -y \
      ImageMagick \
      httpd \
      npm \
      php \
      python3-pip  

RUN echo "alias python=python3" >>~/.bashrc

RUN yum update -y && yum install -y \
      epel-release \
      root \
      python3-root


COPY requirements.txt /code/requirements.txt
RUN pip3 install -r /code/requirements.txt

RUN mkdir /db /run/secrets
RUN chown -R apache:apache /db /var/www /run/secrets

RUN ln -s /dev/stdout /etc/httpd/logs/access_log
RUN ln -s /dev/stderr /etc/httpd/logs/error_log

RUN chown apache:apache /etc/httpd/logs/error_log  
RUN chown apache:apache /etc/httpd/logs/access_log  
RUN chmod 666 /etc/httpd/logs/error_log
RUN chmod 666 /etc/httpd/logs/access_log

WORKDIR /webapp
COPY webapp/package.json /webapp/package.json
RUN npm install

COPY webapp /webapp
RUN npm run build
RUN cp -r /webapp/build /var/www/public
RUN cp -r /webapp/build /webapp/public

RUN mkdir /var/www/results /var/www/results/pdfs /var/www/results/pngs /var/www/results/jsons
RUN chmod 777 /var/www/results /var/www/results/pdfs /var/www/results/pngs /var/www/results/jsons

RUN chgrp -R 1000 /run && chmod -R g=u /run
RUN chgrp -R 1000 /etc/httpd/logs && chmod -R g=u /etc/httpd/logs

CMD ["/usr/sbin/httpd","-D","FOREGROUND"]

Some of the things I tried are: How to run Apache as non-root user?, https://www.henryxieblogs.com/2020/01/dockerfile-example-of-linux-nonroot.html, https://takac.dev/docker-run-apache-as-non-root-user-based-on-the-official-image/

I am not sure if they are not addressing my problem, or if I am just executing the solutions wrong.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

雪花飘飘的天空 2025-01-17 11:07:52

更改 httpd.conf 中 error_log、access_log 的位置为我解决了这个问题。我还将 Dockerfile 中的所有 apache:apache 更改为 1000:1000

我想从这里更改日志的位置:

https://stackoverflow.com/a/525724/9062782

Changing the location of error_log, access_log in httpd.conf solved this for me. I also changed all the apache:apache to 1000:1000 in the Dockerfile.

I got the idea to change the location of the logs from here:

https://stackoverflow.com/a/525724/9062782

回复 原文
~没有更多了~

关于作者

机场等船

暂无简介

文章
评论
25 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

微信用户

文章 0 评论 0

小情绪

文章 0 评论 0

追我者格杀勿论

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

笨死的猪

文章 0 评论 0

彭明超

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文