Closed jichenjc closed 2 years ago
Dockerfile updated to
#FROM gcr.io/distroless/static:nonroot
FROM alpine:latest
# USER 65532:65532
can solve the problem, not sure why suddenly it start to have issue
COPY controlplane/nested/component-templates/ ./component-templates/
USER 65532:65532
ENTRYPOINT ["/manager"]
seems copy the folder doesn't set the permission in my env
I tried to give r
to the folder we copied but faced
gcr.io/distroless/static:nonroot doesn't have chmod utlity issue ..
I used gcr.io/distroless/static:debug as base image (instaend of nonroot) and found / $ ls -lh component-templates/ total 12K drwx------ 2 root root 4.0K Aug 4 01:43 nested-apiserver drwx------ 2 root root 4.0K Aug 4 01:43 nested-controllermanager drwx------ 2 root root 4.0K Aug 4 01:43 nested-etcd
it turn out if we copy the files to / , then it become own by root and 600 mode so 65532 user (nonroot user) not able to access the folder, not sure what happened though..
so I think better to copy files to /home/nonroot so that contianer run with 65532 ID should be able to see /home/nonroot data in any case
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/reopen
/remove-lifecycle rotten
Please send feedback to sig-contributor-experience at kubernetes/community.
/close
@k8s-triage-robot: Closing this issue.
What steps did you take and what happened: [A clear and concise description on how to REPRODUCE the bug.]
I am testing my PR and I got following issue then I switch to
main
branch with a new git clone and still have same issue , not sure what happened by using https://github.com/kubernetes-sigs/cluster-api-provider-nested/blob/main/docs/dev-quickstart.mdWhat did you expect to happen:
Anything else you would like to add: [Miscellaneous information that will assist in solving the issue.]
Environment:
kubectl version
):/etc/os-release
):/kind bug [One or more /area label. See https://github.com/kubernetes-sigs/cluster-api-provider-nested/labels?q=area for the list of labels]