Hi,
I am trying to create Dockerfile for aspnet with a none root user.
The Dockerfile and deployment runs without any errors but when I connect the pod, the user seens as “root”, and there is no newly created user and group output of “/etc/passwd”
I added the securityContext on DEPLOYMENT YAML file but some specs cannot seen on POD YAML file.
What am i missing? Could you share with me documentation?
Dockerfile
FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS base
RUN addgroup --group “groupname” --gid 2000 && adduser --uid 1000 --gid 2000 “username”
WORKDIR /app
RUN chown “username”:“groupname” /app
EXPOSE “portnumber1”
EXPOSE “portnumber2”
ENV ASPNETCORE_URLS=http://*.“portnumber”
FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
WORKDIR /Application
RUN dotnet restore
COPY . .
RUN dotnet publish
FROM base AS final
USER “username”:“groupname”
WORKDIR /app
RUN chown “username”:“groupname” /app
COPY --from=build --chown=“username”:“groupname” /publish .
ENV COMPlus_EnableDiagnostics=0
ENTRYPOINT [ “dotnet” , “DDL-Filename” ]
YAML FILE
For POD’s “spec → template → spec”
securityContext:
runAsNonRoot: true
runAsGroup: 2000
runAsUser: 1000
FOR CONTAINER’s “spec → template → spec → containers”
securityContext:
readOnlyRootFilesystem: true
allowPriviledgeEscalation: false
privileged: false
runAsNonRoot: true
runAsGroup: 2000
runAsUser: 1000
capabilities:
drop:
- ALL