What is meant? Now the default runtime container user is set like this:
USER tarantool:tarantool
What is the problem with this method? The problem occurs when trying to install a built image in an unprivileged Kubernetes container. The problem is described here.
The error occurs because it is important for Kubernetes how the user was assigned (by name or UID). If you set a user by name, then Kubernetes cannot check the user's privileges. This happens because the container runtime interface of Kubernetes has either a UID or a username. UID and the following user name are mutually exclusive. It's just how the container runtime interface standard got designed.
The problem can be solved by installing the user (and his group) by UID (assuming tarantool UID and GID are 1200):
USER 1200:1200
dokshina changed the title from "Change the way you use USER instruction in Dockerfile" to "[4pt] Change the way you use USER instruction in Dockerfile" on Mar 11, 2021
It is possible to run an image generated with the ``cartridge pack docker`` command in an unprivileged Kubernetes container. It became possible because the tarantool user now always has ``UID = 1200`` and ``GID = 1200``. Closes #481
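The difference between the two `USER` forms discussed in this issue can be checked before an image is deployed. The following is an added example, not code from cartridge-cli or Kubernetes: a simplified model of the non-root verification, where the sample Dockerfiles, the `centos:7` base, the function names and the reason strings are all constructed for illustration.

```python
import re

# Constructed sample Dockerfiles (not the cartridge-cli templates).
BY_NAME = """\
FROM centos:7
RUN groupadd -r tarantool && useradd -r -g tarantool tarantool
USER tarantool:tarantool
"""
BY_UID = """\
FROM centos:7
RUN groupadd -r -g 1200 tarantool && useradd -r -u 1200 -g tarantool tarantool
USER 1200:1200
"""

def final_user(dockerfile):
    """Return the user part of the last USER in the final build stage, or None."""
    user = None
    for line in dockerfile.splitlines():
        if re.match(r"\s*FROM\s", line, re.IGNORECASE):
            user = None  # new stage; a USER inherited from the base image is not visible here
        m = re.match(r"\s*USER\s+(\S+)", line, re.IGNORECASE)
        if m:
            user = m.group(1).split(":", 1)[0]  # drop the optional :group part
    return user

def run_as_non_root_verdict(dockerfile, run_as_user=None):
    """Model the runAsNonRoot decision; returns (allowed, reason)."""
    if run_as_user is not None:
        uid = run_as_user  # an explicit runAsUser in the pod spec overrides the image user
    else:
        user = final_user(dockerfile)
        if user is None:
            return False, "image sets no USER and is treated as root"
        if not user.isdigit():
            # A name cannot be resolved to a UID without looking inside the image.
            return False, f"non-numeric user ({user}), cannot verify user is non-root"
        uid = int(user)
    if uid == 0:
        return False, "UID 0 is root"
    return True, f"runs as UID {uid}"

if __name__ == "__main__":
    for name, text in (("by name", BY_NAME), ("by UID", BY_UID)):
        print(name, run_as_non_root_verdict(text))
```

The same model shows the workaround for images that still use a named user: setting a numeric `runAsUser` in the pod's `securityContext` passes the check, provided that UID exists with the expected file ownership inside the image.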