Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Docker build for terrascan to use numeric UID #766

Closed
jlk opened this issue May 11, 2021 · 1 comment · Fixed by #773
Closed

Update Docker build for terrascan to use numeric UID #766

jlk opened this issue May 11, 2021 · 1 comment · Fixed by #773
Assignees
@Rchanger
Labels
bug

Comments

@jlk
Copy link
Contributor

jlk commented May 11, 2021

  • terrascan version: 1.5.0
  • Operating System: MacOS

Description

When developing helm chart, to follow best practices I'd like to set a securityContext of runAsNonRoot: true
Unfortunately, when the k8s deployment creates a pod, the following error is seen in pod details:

Events:
  Type     Reason     Age               From               Message
  ----     ------     ----              ----               -------
  Normal   Scheduled  13s               default-scheduler  Successfully assigned default/terrahook-7b8fd679ff-jsk5k to aks-agentpool-30212186-vmss000002
  Normal   Pulling    13s               kubelet            Pulling image "alpine/git"
  Normal   Pulled     12s               kubelet            Successfully pulled image "alpine/git"
  Normal   Created    12s               kubelet            Created container git-cloner
  Normal   Started    12s               kubelet            Started container git-cloner
  Normal   Pulled     9s (x2 over 10s)  kubelet            Container image "accurics/terrascan:1.5.0" already present on machine
  Warning  Failed     9s (x2 over 10s)  kubelet            Error: container has runAsNonRoot and image has non-numeric user (terrascan), cannot verify user is non-root

So looks like we need to change the Dockerfile to read

USER 101
@Rchanger
Copy link
Contributor

We can also set runAsUser field in helm configurations.

 runAsUser: 101

@Rchanger Rchanger mentioned this issue May 12, 2021
Merged
@Rchanger Rchanger linked a pull request May 12, 2021 that will close this issue
Modified the Dockerfile to use numeric UID #773
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Rchanger Rchanger

Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Modified the Dockerfile to use numeric UID Rchanger/terrascan
3 participants
@jlk @kanchwala-yusuf @Rchanger