I want to run consul in kubernetes but I am not allowed to run it as user root.
Therefore I added

    RUN addgroup consul root

to the Dockerfile (derived FROM consul:1.0.3) and start the deployment in kubernetes with

    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      labels:
        xyz.service: consul-deployment
      name: consul-deployment
    spec:
      template:
        spec:
          securityContext:
            runAsUser: 100

Now I expect kubernetes to start consul with user 100 (who used to be the user consul when I started it locally in Docker and now should be a member of the group root).
But now I get the following error when the pod is started:

    chown: /consul/data: Operation not permitted

The chown is executed in Consul's docker-entrypoint.sh and I guess it (still) fails because user 100 is not root.

Can anybody explain to me how to start a container with a non-root user when the container has an entrypoint script expecting to be executed as root?

I ended up fixing Consul's docker-entrypoint.sh to check if the user is root before executing the chown command by adding some if [ "$(id -u)" = "0" ] tests.
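
The guard described in the post, written out as an added example (this is not Consul's actual docker-entrypoint.sh). The function name fix_ownership and the scratch directory standing in for /consul/data are assumptions; when not running as root it skips chown and checks that the directory is usable instead, so a misconfigured volume fails with a clear message.

```sh
#!/bin/sh
# Added example: root-aware ownership handling for an entrypoint script.
# fix_ownership is a hypothetical helper, not part of the Consul image.

# fix_ownership DIR OWNER
# Returns 0 if DIR is usable by the current user, 1 otherwise.
fix_ownership() {
    dir=$1
    owner=$2
    if [ ! -d "$dir" ]; then
        echo "entrypoint: $dir does not exist" >&2
        return 1
    fi
    if [ "$(id -u)" = "0" ]; then
        # Running as root: chown is permitted, so hand the directory
        # to the service account as the original entrypoint does.
        chown "$owner" "$dir" || return 1
        return 0
    fi
    # Non-root (for example runAsUser: 100): chown would fail with
    # "Operation not permitted", so skip it and verify access instead.
    if [ -w "$dir" ] && [ -x "$dir" ]; then
        return 0
    fi
    echo "entrypoint: uid $(id -u) cannot write to $dir" >&2
    return 1
}

# Demo on a constructed scratch directory (stands in for /consul/data).
demo_dir=$(mktemp -d)
fix_ownership "$demo_dir" "$(id -u):$(id -g)" && echo "data dir ready: $demo_dir"
rmdir "$demo_dir"
```

With this shape the same image starts both as root and under a runAsUser setting, provided the data volume is already writable by the configured uid or one of its groups.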