In many Kubernetes environments it is a best practice to set the container user to be some arbitrary underprivileged UID. For example, this is a requirement on OpenShift.
I am trying to deploy onedev using Helm, with these values:
securityContext:
  runAsUser: 11111
  runAsGroup: 11111
The pod crashes, with the following logs:
/bin/bash: /root/bin/entrypoint.sh: Permission denied
This is because in the Dockerfile, code is stored in /root.
https://code.onedev.io/onedev/server/~files/bf56093cc4231963397f69d6a2f402d5715d87e9/server-product/docker/Dockerfile.server?position=source-25.1-25.32-1
My recommendation is to put code inside container images in a world-readable directory, for example, /app, /usr/local/bin, or /opt/onedev.
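The permission failure described above can be checked against an unpacked image filesystem before deploying. This is an added example, not code from OneDev or from the issue author: it walks a path and reports the first component whose mode bits deny a given UID/GID. The function names, the constructed sample tree, and the 0700 mode on the root home directory are assumptions.

```python
import os
import tempfile


def can_access(st, uid, gid, want):
    """Classic owner/group/other check; ignores ACLs, supplementary groups and uid 0."""
    if uid == st.st_uid:
        shift = 6
    elif gid == st.st_gid:
        shift = 3
    else:
        shift = 0
    bits = (st.st_mode >> shift) & 0o7
    need = sum({"r": 4, "w": 2, "x": 1}[c] for c in want)
    return bits & need == need


def first_blocker(path, uid, gid, root="/"):
    """Return the first component under `root` that stops (uid, gid) running `path`, else None."""
    path, root = os.path.abspath(path), os.path.abspath(root)
    parts = os.path.relpath(path, root).split(os.sep)
    current = root
    for part in parts[:-1]:
        current = os.path.join(current, part)
        # Every parent directory needs the execute (search) bit for this user.
        if not can_access(os.stat(current), uid, gid, "x"):
            return current
    # An interpreted script must be both readable and executable.
    if not can_access(os.stat(path), uid, gid, "rx"):
        return path
    return None


def build_sample_image_root():
    """Constructed sample tree: root/ is 0700 (assumed default for root's home), app/ is 0755."""
    base = tempfile.mkdtemp()
    for home, mode in (("root", 0o700), ("app", 0o755)):
        bindir = os.path.join(base, home, "bin")
        os.makedirs(bindir)
        script = os.path.join(bindir, "entrypoint.sh")
        with open(script, "w") as f:
            f.write("#!/bin/bash\n")
        os.chmod(script, 0o755)
        os.chmod(bindir, 0o755)
        os.chmod(os.path.join(base, home), mode)
    return base
```

The entrypoint itself is mode 0755 in both locations; only the parent directory's mode differs, which is why relocating the code is enough to change the result.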
This is not a bug. OneDev currently does not support running as a non-root user inside a container.
Type
Bug
Improvement
Underprivileged container user
Able to run OneDev as unprivileged user in docker
Able to run OneDev as unprivileged user in container