从 Kubernetes 中的 dockerfile 执行脚本 entrypoint.sh 时权限被拒绝
Permission denied while executing script entrypoint.sh from dockerfile in Kubernetes
我有一个 multistage dockerfile,我正在使用脚本 ENTRYPOINT ["./entrypoint.sh"].
在 k8s 中部署它
虽然 helm 和 env 是 Azure,但部署已完成。
创建容器时出错 "./entrypoint.sh": permission denied: unknown
Warning Failed 14s (x3 over 31s) kubelet Error: failed to create containerd task: OCI runtime create failed: container_linux.go:380: starting container process caused:
exec: "./entrypoint.sh": permission denied: unknown
Warning BackOff 1s (x4 over 30s) kubelet Back-off restarting failed container
我已给予 chmod +x 使其可执行并给予 chmod 755 许可。
Dockerfile
##############
## Build #
##############
FROM repo.azurecr.io/maven:3.8.1-jdk-11 AS BUILD
ARG WORKDIR=/opt/work
COPY . $WORKDIR/
WORKDIR ${WORKDIR}
COPY ./settings.xml /root/.m2/settings.xml
RUN --mount=type=cache,target=/root/.m2/repository \
mvn clean package -pl app -am
RUN rm /root/.m2/settings.xml
RUN rm ./settings.xml
#################
### Runtime #
#################
FROM repo.azurecr.io/openjdk:11-jre-slim as RUNTIME
RUN mkdir /opt/app \
&& useradd -ms /bin/bash javauser \
&& chown -R javauser:javauser /opt/app \
&& apt-get update \
&& apt-get install curl -y \
&& rm -rf /var/lib/apt/lists/*
COPY --from=BUILD /opt/work/app/target/*.jar /opt/app/service.jar
COPY --from=BUILD /opt/work/entrypoint.sh /opt/app/entrypoint.sh
RUN chmod +x /opt/app/entrypoint.sh
RUN chmod 755 /opt/app/entrypoint.sh
WORKDIR /opt/app
USER javauser
ENTRYPOINT ["./entrypoint.sh"]
PS:请不要复制 ,因为我已经添加了 RUN chmod +x entrypoint.sh,但它并没有解决问题。
在入口点使用 bash(或者您首选的 shell,如果不是 bash):
ENTRYPOINT [ "bash", "-c", "./entrypoint.sh" ]
这将 运行 入口点脚本,即使您没有将脚本设置为可执行文件(我看到您已设置)
您也可以将其与其他脚本类似地使用,例如 Python:
ENTRYPOINT [ "python", "./entrypoint.py" ]
您也可以尝试使用完整的可执行路径调用脚本:
ENTRYPOINT [ "/opt/app/entrypoint.sh" ]
我有一个 multistage dockerfile,我正在使用脚本 ENTRYPOINT ["./entrypoint.sh"].
虽然 helm 和 env 是 Azure,但部署已完成。 创建容器时出错 "./entrypoint.sh": permission denied: unknown
Warning Failed 14s (x3 over 31s) kubelet Error: failed to create containerd task: OCI runtime create failed: container_linux.go:380: starting container process caused:
exec: "./entrypoint.sh": permission denied: unknown
Warning BackOff 1s (x4 over 30s) kubelet Back-off restarting failed container
我已给予 chmod +x 使其可执行并给予 chmod 755 许可。
Dockerfile
##############
## Build #
##############
FROM repo.azurecr.io/maven:3.8.1-jdk-11 AS BUILD
ARG WORKDIR=/opt/work
COPY . $WORKDIR/
WORKDIR ${WORKDIR}
COPY ./settings.xml /root/.m2/settings.xml
RUN --mount=type=cache,target=/root/.m2/repository \
mvn clean package -pl app -am
RUN rm /root/.m2/settings.xml
RUN rm ./settings.xml
#################
### Runtime #
#################
FROM repo.azurecr.io/openjdk:11-jre-slim as RUNTIME
RUN mkdir /opt/app \
&& useradd -ms /bin/bash javauser \
&& chown -R javauser:javauser /opt/app \
&& apt-get update \
&& apt-get install curl -y \
&& rm -rf /var/lib/apt/lists/*
COPY --from=BUILD /opt/work/app/target/*.jar /opt/app/service.jar
COPY --from=BUILD /opt/work/entrypoint.sh /opt/app/entrypoint.sh
RUN chmod +x /opt/app/entrypoint.sh
RUN chmod 755 /opt/app/entrypoint.sh
WORKDIR /opt/app
USER javauser
ENTRYPOINT ["./entrypoint.sh"]
PS:请不要复制 RUN chmod +x entrypoint.sh,但它并没有解决问题。
在入口点使用 bash(或者您首选的 shell,如果不是 bash):
ENTRYPOINT [ "bash", "-c", "./entrypoint.sh" ]
这将 运行 入口点脚本,即使您没有将脚本设置为可执行文件(我看到您已设置)
您也可以将其与其他脚本类似地使用,例如 Python:
ENTRYPOINT [ "python", "./entrypoint.py" ]
您也可以尝试使用完整的可执行路径调用脚本:
ENTRYPOINT [ "/opt/app/entrypoint.sh" ]