I want to run consul in kubernetes but I am not allowed to run it as user root.
Therefore I added
RUN addgroup consul root
to the Dockerfile (derived FROM consul:1.0.3)
and start the deployment in kubernetes with
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
xyz.service: consul-deployment
name: consul-deployment
spec:
template:
spec:
securityContext:
runAsUser: 100
Now I expect kubernetes to start consul with user 100 (who used to be the user consul when I started it locally in Docker and now should be member in the group root).
But now I get the following the error when the pod is started
chown: /consul/data: Operation not permitted
The chown is executed in Consuls docker-entrypoint.sh and I guess it (still) fails because user 100 is not root.
Can anybody explain me how to start a container with a non root user when the container has an entrypoint script expecting to be executed as root?
I ended up in fixing Consuls docker-entrypoint.sh to check if the user is root before executing the chown command by adding some if [ "$(id -u)" = "0" ] tests.