I have a simple Docker image based on nginx:alpine. On my local Docker daemon I can start it without any problems. But when I deploy it via k8s, the container fails to start with the following error:
2020/03/04 08:01:38 [emerg] 1#1: open() "/var/run/nginx.pid" failed (13: Permission denied)
nginx: [emerg] open() "/var/run/nginx.pid" failed (13: Permission denied)
Does anybody have an idea what happened? I bet that there is something wrong with the k8s cluster.
And my dockerfile looks like this:
#Dockerfile
# build nginx-container
FROM nginx:alpine
# delete nginx-default-page and create non-root user
RUN rm -rf /usr/share/nginx/html/* \
    && addgroup --gid 98761 nonroot \
    && adduser -u 9876 -G nonroot --disabled-password nonroot \
    && touch /var/run/nginx.pid \
    && chown 9876:98761 /var/run/nginx.pid \
    && chown -R 9876:98761 /var/cache/nginx
# copy our conf and web into nginx
COPY nginx/nginx.conf /etc/nginx/conf.d/default.conf
COPY static-webfiles/* /usr/share/nginx/html/
USER 9876:98761
Here is the YAML for the deployment. There is no other deployment with the same name, and I apply it to k8s with kubectl apply -f deployment.yaml. I am sure that the deployment is using the Docker image.
#deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend
  labels:
    app: frontend
    environment: review
spec:
  replicas: 1
  revisionHistoryLimit: 1
  selector:
    matchLabels:
      app: frontend
      environment: review
  template:
    metadata:
      labels:
        app: frontend
        environment: review
    spec:
      containers:
        - name: frontend
          image: frontend:latest
          imagePullPolicy: Always
          ports:
            - containerPort: 8080
On my mini-kube-cluster the same image runs without any problem.
I think there are Docker layer caching issues. All environments that were previously using the root image fail with this bug. When I build the Docker image locally and push it, everything is fine.
The only thing that I changed in the Dockerfile was the non-root updates.
I will delete all cached versions in our repos and try it again.
I'm pretty sure that the bug comes from kaniko.
See this https://github.com/GoogleContainerTools/kaniko/issues/550
and https://github.com/GoogleContainerTools/kaniko/issues/647
So we can't build with our pipelines, and we build images locally until we update our kaniko.
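One way to check whether the ownership set in the Dockerfile's RUN step survived an image build, as an added example that is not part of the original post: it reads layer tar headers (the format found inside a `docker save` archive) and reports who owns the PID file after all layers are overlaid. The layers are constructed in memory, the helper names are hypothetical, whiteout entries are not handled, and the `/var/run` to `/run` symlink is an assumption about the base image.

```python
import io
import posixpath
import tarfile

def make_layer(entries):
    """Constructed sample layer from (path, uid, gid, symlink_target_or_None) tuples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, uid, gid, link in entries:
            info = tarfile.TarInfo(path)
            info.uid, info.gid = uid, gid
            if link is not None:
                info.type, info.linkname = tarfile.SYMTYPE, link
            tar.addfile(info)
    return buf.getvalue()

def scan(layers):
    """Overlay layers in build order; the last layer that writes a path wins."""
    owners, links = {}, {}
    for blob in layers:
        with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
            for m in tar:
                name = posixpath.normpath("/" + m.name).lstrip("/")
                owners[name] = (m.uid, m.gid)
                links.pop(name, None)
                if m.issym():
                    links[name] = m.linkname
    return owners, links

def resolve(path, links, depth=0):
    """Follow symlinked path components (e.g. var/run -> /run) to the real path."""
    parts = path.strip("/").split("/")
    for i in range(1, len(parts) + 1):
        prefix = "/".join(parts[:i])
        if prefix in links and depth < 16:
            joined = posixpath.join("/" + "/".join(parts[:i - 1]), links[prefix], *parts[i:])
            return resolve(posixpath.normpath(joined), links, depth + 1)
    return path.strip("/")

def check_owner(layers, path, uid, gid):
    """Return (ok, real_path, found_owner); found_owner is None if the path is absent."""
    owners, links = scan(layers)
    real = resolve(path, links)
    return owners.get(real) == (uid, gid), real, owners.get(real)

# Constructed layers: a base with /var/run -> /run, then the RUN step's layer.
BASE = make_layer([("var/run", 0, 0, "/run")])
RUN_OK = make_layer([("run/nginx.pid", 9876, 98761, None)])
RUN_LOST = make_layer([("run/nginx.pid", 0, 0, None)])  # chown did not persist
```

Calling `check_owner([BASE, RUN_LOST], "/var/run/nginx.pid", 9876, 98761)` returns a failing result with the owner actually recorded in the layer, which is the condition under which a process running as `9876:98761` cannot open the PID file.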