K
Q

How to elevate privileges in sbt-built docker image

7/12/2019

I'm trying to debug my application, which is running in kubernetes in a docker container. The image is built using sbt native-packager docker plugin. I would like to login to the pod and investigate there, but the default user account (demiourgos728) has no privileges and I don't know how to switch to a root account.

I've tried running kubectl exec --user=root image -- bash (user not found), also tried to run su - in the image (authentication failure), with no success. The base image used for building the app is java:8.

These are my docker settings in build.sbt:

.settings(
    Seq(
      dockerBaseImage := "java:8",
      publishArtifact := false,
      dockerExposedPorts ++= Seq(8088), 
      packageName in Docker := "api-endpoint"
    ))
-- arunasm
docker
kubernetes
sbt
scala

Similar Questions

kubernetes node shows limit, but no limit set
How to create a task application in Spring Data Flow Server and mount a remote directory using Kubernetes?
minikube mount crashes: mount system call fails
Unable to get a response from nginx pod when pinged through a busybox pod
How to read Volumesnapshot object (or any K8s object)
How to easily duplicate helm charts
Edit file in k8s Pod in run time
Not able to prevent kubectl pod from recreating

1 Answer

7/13/2019

--user=root in kubectl is for authenticating on your kube-apiserver and not forcing the container to execute a command as a user in the container.

If you are running docker on your nodes and want to force escalate to root you can ssh to the node where your container is running and then run:

$ docker exec -it --user=root <container-id> bash
# or
$ docker exec -it -u root <container-id> bash

You can find out the node where your pod/container is running by using:

$ kubectl describe pod <pod-id>
-- Rico
Source: StackOverflow