DuendeSoftware / Support

Support for Duende Software products

Can we run Identity server using dotnet runtime chiseled images? #1263

Closed pranavatemerson closed 2 months ago

pranavatemerson commented 3 months ago

Which version of Duende IdentityServer are you using? 7.0.4

Which version of .NET are you using? 8.0

Describe the bug

I am trying to create an Identity server Docker image with chiseled Ubuntu base images to reduce the vulnerabilities found in security scans. I am using mcr.microsoft.com/dotnet/runtime-deps:8.0-jammy-chiseled-extra to be specific. However, my Kubernetes container fails to start without any logs.

A clear and concise description of what the bug is.

Identity server container fails to start with .NET runtime chiseled images.

Below is my reference Docker image:

```dockerfile
# Base image
FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-jammy-chiseled-extra AS base

# Working directory of application
WORKDIR /home/app
EXPOSE 443

# Building
FROM mcr.microsoft.com/dotnet/sdk:8.0-jammy AS build
ARG BUILD_CONFIGURATION=Release
WORKDIR /src
RUN dotnet restore MyProjectpath
COPY . .
WORKDIR "/src/MyProject"
RUN dotnet build "./MyProject.csproj" -c $BUILD_CONFIGURATION -o /app/build --property WarningLevel=0

# Publishing
FROM build AS publish
ARG BUILD_CONFIGURATION=Release
RUN dotnet publish "./MyProject.csproj" -c $BUILD_CONFIGURATION -o /app/publish --self-contained --property WarningLevel=0

# Copy published to final
FROM base AS final
WORKDIR /home/app
COPY --from=publish /app/publish .
ENTRYPOINT ["./MyProject"]
```

To Reproduce

Steps to reproduce the behavior.

Expected behavior

A clear and concise description of what you expected to happen.

Log output/exception with stacktrace

data

Additional context

Add any other context about the problem here.

RolandGuijt commented 2 months ago

Can you please try this with a simple ASP.NET Core application without IdentityServer and let me know the results?

pranavatemerson commented 2 months ago

Oops! For those who are running into such an issue: the chiseled .NET runtime Ubuntu image runs in a different security context. My Helm chart was configured incorrectly to use another user. Verify the security context in which the application is running. Make sure the user has r/w access to the app directory. Identity server requires write access to the app directory to create a key in the development environment. Closing this thread :)
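
The misconfiguration described in the last comment, shown as an added example that is not part of the thread or of Duende's own material: a Deployment whose pod security context matches the non-root `app` user of the .NET 8 chiseled image, with a writable volume for the development signing keys. The resource names, image reference, the "before" UID and the `keys` directory under `/home/app` are assumptions.

```yaml
# Constructed example: names, image reference and the "before" UID are placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: identityserver              # hypothetical name
spec:
  replicas: 1
  selector:
    matchLabels: { app: identityserver }
  template:
    metadata:
      labels: { app: identityserver }
    spec:
      securityContext:
        # Before (container exits at startup): a UID that does not own
        # /home/app in the image, so the process cannot create files there.
        #   runAsUser: 1000          # constructed value for "some other user"
        #
        # After: run as the user the chiseled image is built for.
        runAsNonRoot: true
        runAsUser: 1654              # "app" user (APP_UID) defined by the .NET 8 images
        runAsGroup: 1654
        fsGroup: 1654                # mounted volumes are made writable for this GID
      containers:
        - name: identityserver
          image: registry.example/identityserver:placeholder   # placeholder reference
          volumeMounts:
            - name: signing-keys
              mountPath: /home/app/keys   # assumed key directory inside the app directory
      volumes:
        - name: signing-keys
          emptyDir: {}               # development only: keys are lost when the pod is replaced
```

Running `docker inspect --format '{{.Config.User}}'` against the built image shows the user it expects to run as, which is the value the chart's `runAsUser` has to agree with.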