k8s 使用非root用户启动
Dockerfile
FROM 192.168.15.198/source/tomcat8_jdk1.8:202107131202 MAINTAINER fengjian <[email protected]> RUN groupadd -g 2000 fengjian && useradd -u 1000 -g 2000 fengjian RUN mkdir /data/webserver -p ADD start.sh /data/webserver/ ADD gateway-0.0.1-SNAPSHOT.jar /data/webserver/ RUN chown -R fengjian.fengjian /data/webserver /data/logs /data/tomcat && \ chmod +x /data/webserver/start.sh USER 1000:2000 EXPOSE 8080 ENTRYPOINT ["/data/webserver/start.sh"]
k8s fengjian-deployment.yaml
apiVersion: apps/v1 kind: Deployment metadata: name: fengjian namespace: testfeng spec: selector: matchLabels: app: fengjian-label replicas: 1 template: metadata: labels: app: fengjian-label annotations: "cni.projectcalico.org/ipv4pools": "[\"default-ipv4-ippool\"]" spec: dnsConfig: options: - name: single-request-reopen containers: - name: fengjian image: 192.168.15.198/source/testfeng:202111010909 imagePullPolicy: Always resources: limits: cpu: 1000m memory: 8192Mi requests: cpu: 100m memory: 1024Mi ports: - containerPort: 8080 securityContext: runAsUser: 1000 runAsGroup: 2000标签:fengjian,2000,name,root,用户,webserver,k8s,data From: https://www.cnblogs.com/gaoyuechen/p/16868752.html