Deploying nats helm chart gives nats-box KO /root permission denied

Question

Deploying nats helm chart gives nats-box KO /root permission denied

antoinetran opened this issue 7 months ago · 1 comments

antoinetran commented 7 months ago

What version were you using?

nats helm chart 1.1.10

What environment was the server running in?

Kubernetes OpenShift

Is this defect reproducible?

Yes

In OpenShift environment with no root policy. When deploying nats helm chart:

 helm upgrade --install my-nats nats/nats --version 1.1.10 --namespace nats

In a simpler way, with just docker:

docker run -u 12345 --rm -ti natsio/nats-box:0.14.2 sh -c "id && pwd && cd /root"
uid=12345 gid=0(root) groups=0(root)
/
sh: cd: line 0: can't cd to /root: Permission denied

Given the capability you are leveraging, describe your expectation?

The working dir set in Dockerfile https://github.com/nats-io/nats-box/blob/main/Dockerfile#L54 should not be /root, because in production environment, images are launched as non root. Instead, the working dir should be agnostic of that, by example by setting it to /tmp.

Given the expectation, what is the defect you are observing?

Deployment of nats-box in error. Logs says permission denied for /root.

Answer 1 · 2024-04-26T18:08:26.000Z

Workaround in nats helm chart. Write a values.yaml:

natsBox:
  container:
    merge:
      resources: {}
      # OpenShift: no root means cd /root gives permission denied
      workingDir: /tmp

Although I am using nats helm chart, this is for me a bug in nats-box image itself. Which is why this issue is in this repository.