-
Notifications
You must be signed in to change notification settings - Fork 403
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Question: Container file system permissions #1210
Comments
This also seems to be a problem when deploying images onto Google Cloud Run. Using GCP's default image (i.e. building from source with |
This issue is stale because it has been open for 90 days with no |
still an issue |
This issue is stale because it has been open for 90 days with no |
still an issue |
This issue is stale because it has been open for 90 days with no |
This is still an issue, please reopen. |
Hey, sorry for letting this slip so long. Let's see if we can figure out what's going on.
I'm definitely not able to reproduce this. I use |
Hey everyone!
For https://github.com/envelope-zero/backend, we recently started using goreleaser with ko to build the image for multiple architectures. We currently use the default image,
cgr.dev/chainguard/static
to get the benefit of running rootless.The Envelope Zero backend uses an sqlite database that is at
data/gorm.db
relative to the binary.For some environments, this works great, e.g. kubernetes, where users mount a volume with the correct permissions for the
nonroot
user.For other environments however, this does not work. For example in docker-compose and GitHub actions service containers, we cannot set the owner of a volume mount directory.
The default way for a docker build would be to create the needed
data
directory andchown
it in theDockerfile
.However, since ko does not use a Dockerfile, that is not possible.
Is there any guidance for how to solve this neatly, preferably without maintaining our own base image?
Thanks in advance for any ideas or feedback you might have!
The text was updated successfully, but these errors were encountered: