Deploying nats helm chart gives nats-box KO /root permission denied #72

Open
antoinetran opened this issue Apr 26, 2024 · 1 comment
Labels
defect Suspected defect such as a bug or regression

Comments

@antoinetran

What version were you using?

nats helm chart 1.1.10

What environment was the server running in?

Kubernetes OpenShift

Is this defect reproducible?

Yes

  1. In an OpenShift environment with a no-root policy, when deploying the nats helm chart:

         helm upgrade --install my-nats nats/nats --version 1.1.10 --namespace nats

  2. In a simpler way, with just docker:

         docker run -u 12345 --rm -ti natsio/nats-box:0.14.2 sh -c "id && pwd && cd /root"
         uid=12345 gid=0(root) groups=0(root)
         /
         sh: cd: line 0: can't cd to /root: Permission denied

Given the capability you are leveraging, describe your expectation?

The working dir set in the Dockerfile https://github.com/nats-io/nats-box/blob/main/Dockerfile#L54 should not be /root, because in production environments, images are launched as non-root. Instead, the working dir should be agnostic of that, for example by setting it to /tmp.

Given the expectation, what is the defect you are observing?

Deployment of nats-box is in error. The logs say permission denied for /root.

@antoinetran antoinetran added the defect Suspected defect such as a bug or regression label Apr 26, 2024
@antoinetran
Author

Workaround in nats helm chart. Write a values.yaml:

natsBox:
  container:
    merge:
      resources: {}
      # OpenShift: no root means cd /root gives permission denied
      workingDir: /tmp

Although I am using the nats helm chart, this is for me a bug in the nats-box image itself, which is why this issue is in this repository.
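
An added example, not part of the original issue or of the nats-box project: a small POSIX permission model showing why the reported identity (`uid=12345 gid=0`) cannot enter a working directory owned by root with no group bits, even though it is a member of group 0. The directory modes in `SAMPLE_FS` are constructed; `/root` as `0700 root:root` is an assumption about the image, and `/work` is a hypothetical directory prepared for arbitrary UIDs.

```python
import os
import stat
from types import SimpleNamespace

def may_search(mode, owner_uid, owner_gid, uid, gids):
    """True if (uid, gids) may enter a directory. Exactly one permission
    class applies; ACLs and dropped capabilities are not modelled."""
    if uid == 0:
        return True  # root with default capabilities bypasses the check
    if uid == owner_uid:
        return bool(mode & stat.S_IXUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)

def first_blocked_component(path, uid, gids, stat_fn=os.stat):
    """Walk an absolute path from / and return the first directory the
    identity cannot enter, or None if chdir(path) would be permitted."""
    current = "/"
    for part in [""] + [p for p in path.split("/") if p]:
        current = os.path.join(current, part)
        st = stat_fn(current)
        if not may_search(st.st_mode, st.st_uid, st.st_gid, uid, set(gids)):
            return current
    return None

# Constructed sample metadata (mode, owner uid, owner gid); not read from the image.
# /root as 0700 root:root is an assumption; /work is a hypothetical directory
# prepared for arbitrary UIDs with group 0 and group bits equal to owner bits.
SAMPLE_FS = {
    "/": (0o755, 0, 0),
    "/root": (0o700, 0, 0),
    "/tmp": (0o1777, 0, 0),
    "/work": (0o770, 0, 0),
}

def sample_stat(path):
    mode, uid, gid = SAMPLE_FS[path]
    return SimpleNamespace(st_mode=stat.S_IFDIR | mode, st_uid=uid, st_gid=gid)

if __name__ == "__main__":
    # Identity from the issue's `id` output: uid=12345 gid=0(root)
    for workdir in ("/root", "/tmp", "/work"):
        blocked = first_blocked_component(workdir, 12345, [0], sample_stat)
        print(workdir, "ok" if blocked is None else f"blocked at {blocked}")
```

With the default `stat_fn=os.stat`, `first_blocked_component` can be run against a real filesystem, for instance as a build-time check that an image's working directory is enterable by an arbitrary UID in group 0.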
