How to elevate privileges in sbt-built docker image

7/12/2019

I'm trying to debug my application, which is running in kubernetes in a docker container. The image is built using sbt native-packager docker plugin. I would like to login to the pod and investigate there, but the default user account (demiourgos728) has no privileges and I don't know how to switch to a root account.

I've tried running kubectl exec --user=root image -- bash (user not found), also tried to run su - in the image (authentication failure), with no success. The base image used for building the app is java:8.

These are my docker settings in build.sbt:

.settings(
    Seq(
      dockerBaseImage := "java:8",
      publishArtifact := false,
      dockerExposedPorts ++= Seq(8088), 
      packageName in Docker := "api-endpoint"
    ))
-- arunasm
docker
kubernetes
sbt
scala

1 Answer

7/13/2019

--user=root in kubectl is for authenticating on your kube-apiserver and not forcing the container to execute a command as a user in the container.

If you are running docker on your nodes and want to force escalate to root you can ssh to the node where your container is running and then run:

$ docker exec -it --user=root <container-id> bash
# or
$ docker exec -it -u root <container-id> bash

You can find out the node where your pod/container is running by using:

$ kubectl describe pod <pod-id>
-- Rico
Source: StackOverflow