I have a container with the base image "tomcat:9.0.87"
We are supposed to restrict the login access (kubectl exec) into the container. We are able to login to the container with shell and bash commands.
I removed sh login, by removing "sh" from the Dockerfile but the same doesn't work when I remove /bin/bash.
Below is the Dockerfile:
FROM public.int.repositories.cloud.sap/tomcat:9.0.87 as deploy
COPY --from=build /cdi-web/target/cdi-web.war /usr/local/tomcat/webapps
RUN rm -rf /bin/sh /bin/dash /bin/bash
EXPOSE 8080
CMD ["catalina.sh", "run"]
Any suggestions?
I tried to remove bash from the image using the below command
RUN rm -rf /bin/sh /bin/dash /bin/bash
after which pod itself is not getting created.
I get the below error when I describe the pod:
Back-off restarting failed container <containername> in pod <podname>
pod logs
/usr/bin/env: ‘bash’: No such file or directory
CMD ["catalina.sh", "run"]
This is likely a shell script with a shebang that invokes bash.
If you remove bash, this script that relies on bash cannot run, so the container cannot start.