
Make it possible to run container as nonRootUser #87

@sleccese


Hi,
I have the constraint to run images with nonRootUser.
I tried to set the securityContext in my Deployment.yaml as follows:

kind: Deployment
....
spec:
  template:
    spec:
      securityContext:
        nonRootUser: true
        fsGroup: 1000
        runAsUser: 1000

However, when I started the image, I found out that sudo is required in the default entrypoint and default CMD, which will not work with nonRootUser. I am not too familiar with PHP and PHP-FPM, so I do not know if it is possible to remove these sudo parts.

In my opinion, the following lines in the php base image are the problem:
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["sudo", "-E", "LD_PRELOAD=/usr/lib/preloadable_libiconv.so", "php-fpm"]
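
An added example, not part of the original issue or of the image's own code: a small lint that flags Dockerfile CMD/ENTRYPOINT instructions whose first token is a user-switching helper such as the sudo quoted above, which the issue reports as incompatible with a non-root securityContext. The helper list, the `USER app` line and the function names are assumptions; the sample is constructed from the two quoted instructions.

```python
import json
import shlex

# Assumed list of helpers that switch users at container start-up.
ROOT_HELPERS = {"sudo", "su", "gosu", "su-exec"}

def parse_command(rest):
    """Return argv for a CMD/ENTRYPOINT value in exec (JSON) or shell form."""
    rest = rest.strip()
    if rest.startswith("["):
        try:
            argv = json.loads(rest)
            if isinstance(argv, list) and all(isinstance(a, str) for a in argv):
                return argv
        except json.JSONDecodeError:
            pass  # not valid JSON, so it is treated as shell form
    return shlex.split(rest)

def audit_dockerfile(text):
    """Return (findings, last_user); findings are (line_no, instruction, helper).

    Only the first token of each instruction is checked, and the entrypoint
    script itself is not inspected. Line continuations are not handled.
    """
    findings, last_user = [], None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        instruction, rest = parts[0].upper(), parts[1]
        if instruction == "USER":
            last_user = rest.strip()  # None afterwards means no USER in this file
        elif instruction in ("CMD", "ENTRYPOINT"):
            argv = parse_command(rest)
            name = argv[0].rsplit("/", 1)[-1] if argv else ""
            if name in ROOT_HELPERS:
                findings.append((line_no, instruction, name))
    return findings, last_user

# Constructed sample: the two instructions quoted in the issue, preceded by a
# hypothetical USER line.
SAMPLE = """\
USER app
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["sudo", "-E", "LD_PRELOAD=/usr/lib/preloadable_libiconv.so", "php-fpm"]
"""

if __name__ == "__main__":
    print(audit_dockerfile(SAMPLE))
```
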
