Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide Docker image as non root #1757

Closed
curquiza opened this issue Oct 2, 2021 Discussed in #1756 · 5 comments · Fixed by #1759
Closed

Provide Docker image as non root #1757

curquiza opened this issue Oct 2, 2021 Discussed in #1756 · 5 comments · Fixed by #1759
Labels
tooling Not directly project related, like Docker, Homebrew...
Milestone
v0.24.0

Comments

@curquiza
Copy link
Member

curquiza commented Oct 2, 2021

Discussed in #1756

Originally posted by igaul October 1, 2021
Hi,
I'd like to request the official docker image run with a non root user, so the final image of Dockerfile would be something like this (what I am using)

`# Run
FROM alpine:3.14

ARG USER=meiliuser
ENV HOME /home/$USER
ENV MEILI_HTTP_ADDR 0.0.0.0:7700

download runtime deps as root and create $USER

RUN apk add -q --no-cache libgcc tini curl
&& adduser -D $USER
WORKDIR $HOME
USER $USER

copy file as $USER to $HOME

COPY --from=compiler /meilisearch/target/release/meilisearch .

EXPOSE 7700/tcp

CMD ["tini", "--","./meilisearch"]`

If interested, I would be happy to pr. Have a good weekend!
@curquiza curquiza added hacktoberfest tooling Not directly project related, like Docker, Homebrew... labels Oct 2, 2021
@igaul igaul mentioned this issue Oct 2, 2021
Merged
@spinales

This comment has been minimized.

Sign in to view
@Kerollmops Kerollmops assigned spinales and unassigned spinales Oct 2, 2021
bors bot added a commit that referenced this issue Oct 13, 2021
@bors @igaul
Merge #1759
965f18b 
1759: Feature docker as non root r=curquiza a=igaul

This closes #1757 . 
Adding a non root user with default name meiliuser.

Co-authored-by: gaul@pdx.edu <gaul@pdx.edu>
Co-authored-by: igaul <40813772+igaul@users.noreply.github.com>
@bors bors bot closed this as completed in d107b3f Oct 14, 2021
@curquiza curquiza added this to the v0.24.0 milestone Oct 18, 2021
@sovanna sovanna mentioned this issue Dec 6, 2021
Closed
@xvilo
Copy link

xvilo commented Jan 27, 2022
edited
Loading

As the change has been reverted (in #2032), can we re-open this issue? We would like to run Meilisearch on our Kubernetes cluster. Unfortunately we don't allow running images as a root user. Manually setting the securityContext to overrides this results in a Error: Permission denied (os error 13) error.

This feature would be highly appreciated

Edit, new issue was created over at #2051

@K2ouMais
Copy link

Hello everyone, we are having exatcly the same issue in kubernetes.

We dont allow any pod to run as root and so I wanted to ask if there is any solution for this?

Thanks in advance.

@rtmzshw
Copy link

rtmzshw commented Aug 1, 2023

did any one find a solution? same problem here

@xvilo
Copy link

xvilo commented Aug 2, 2023

Hi folks, please refer to #2051 instead, and see if you're able to create a pull request. Otherwise you'll have to wait or allow root for that specific container

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
tooling Not directly project related, like Docker, Homebrew...
Projects
None yet
Milestone
v0.24.0
Development

Successfully merging a pull request may close this issue.

Feature docker as non root
5 participants
@xvilo @curquiza @spinales @K2ouMais @rtmzshw