k8s 使用非root用户启动
Dockerfile
FROM 192.168.15.198/source/tomcat8_jdk1.8:202107131202 MAINTAINER fengjian <[email protected]> RUN groupadd -g 2000 fengjian && useradd -u 1000 -g 2000 fengjian RUN mkdir /data/webserver -p ADD start.sh /data/webserver/ ADD gateway-0.0.1-SNAPSHOT.jar /data/webserver/ RUN chown -R fengjian.fengjian /data/webserver /data/logs /data/tomcat && \ chmod +x /data/webserver/start.sh USER 1000:2000 EXPOSE 8080 ENTRYPOINT ["/data/webserver/start.sh"]
k8s fengjian-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: fengjian
namespace: testfeng
spec:
selector:
matchLabels:
app: fengjian-label
replicas: 1
template:
metadata:
labels:
app: fengjian-label
annotations:
"cni.projectcalico.org/ipv4pools": "[\"default-ipv4-ippool\"]"
spec:
dnsConfig:
options:
- name: single-request-reopen
containers:
- name: fengjian
image: 192.168.15.198/source/testfeng:202111010909
imagePullPolicy: Always
resources:
limits:
cpu: 1000m
memory: 8192Mi
requests:
cpu: 100m
memory: 1024Mi
ports:
- containerPort: 8080
securityContext:
runAsUser: 1000
runAsGroup: 2000
标签:fengjian,2000,name,root,用户,webserver,k8s,data
From: https://www.cnblogs.com/gaoyuechen/p/16868752.html