I am trying to run a rethinkdb image on a Kubernetes cluster that has tight security measures and we must run containers as non-root, therefore I am using user 1000 to run them and I changed the Dockerfile to below:
FROM ubuntu:18.04
RUN apt update && apt install -y wget libcurl4 libprotobuf10 python3-pip
RUN wget https://github.com/srh/rethinkdb/releases/download/v2.3.6.srh.1/rethinkdb_2.3.6.srh.1.0bionic_amd64.deb
RUN dpkg -i rethinkdb_2.3.6.srh.1.0bionic_amd64.deb
ADD rethinkdb_tables /opt/rethinkdb_tables
RUN pip3 install rethinkdb==2.3
ADD entry_point.sh /opt/entry_point.sh
ENV RUN_ENV docker-compose
RUN id
RUN apt-get update && apt-get install -y sudo
RUN groupadd newuser
RUN useradd -u 1000 -m -g newuser newuser
RUN adduser newuser sudo
RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
RUN mkdir /data
RUN chown -R newuser:0 /opt/
RUN chown -R newuser:0 /data
USER newuser
ENTRYPOINT [ "sh", "/opt/entry_point.sh" ]
CMD []
The entry_point.sh is a small script that starts the rethinkdb and as soon as the rethinkdb is up it imports some tables. But I am getting below error:
Launch rethinkdb in Kubernetes
Could not create directory 'rethinkdb_data': Permission denied
How I can fix this? I have to mention that this is the way that I used to run my other images as non-root and this worked for them.
Since the rethinkdb wanted to create the rethinkdb_data at / I decided to create that directory myself in the Dockerfile and change its owner so rethinkdb can access it and this solved my problem.