3

I have a multistage dockerfile which I'm deploying in k8s with script as ENTRYPOINT ["./entrypoint.sh"].

Deployment is done though helm and env is Azure. While creating the container it errors out "./entrypoint.sh": permission denied: unknown

Warning  Failed     14s (x3 over 31s)  kubelet            Error: failed to create containerd task: OCI runtime create failed: container_linux.go:380: starting container process caused:
exec: "./entrypoint.sh": permission denied: unknown
Warning  BackOff    1s (x4 over 30s)   kubelet            Back-off restarting failed container

I have given chmod +x to make it executable and chmod 755 for permission.

Dockerfile

##############
##   Build   #
##############
FROM repo.azurecr.io/maven:3.8.1-jdk-11 AS BUILD
ARG WORKDIR=/opt/work

COPY . $WORKDIR/
WORKDIR ${WORKDIR}

COPY ./settings.xml /root/.m2/settings.xml

RUN --mount=type=cache,target=/root/.m2/repository \
    mvn clean package -pl app -am

RUN rm /root/.m2/settings.xml
RUN rm ./settings.xml

#################
###   Runtime   #
#################
FROM repo.azurecr.io/openjdk:11-jre-slim as RUNTIME
RUN mkdir /opt/app \
    && useradd -ms /bin/bash javauser \
    && chown -R javauser:javauser /opt/app \
    && apt-get update \
    && apt-get install curl -y \
    && rm -rf /var/lib/apt/lists/*

COPY --from=BUILD /opt/work/app/target/*.jar /opt/app/service.jar
COPY --from=BUILD /opt/work/entrypoint.sh /opt/app/entrypoint.sh

RUN chmod +x /opt/app/entrypoint.sh
RUN chmod 755 /opt/app/entrypoint.sh

WORKDIR /opt/app
USER javauser

ENTRYPOINT ["./entrypoint.sh"]

PS: Please don't make it duplicate of https://stackoverflow.com/a/46353378/2226710 as i have added RUN chmod +x entrypoint.sh and it didn't solved the issue.

Raushan
  • 307
  • 3
  • 12
  • 1
    Try using bash (or your preferred shell if not bash) in the entrypoint, e.g. `ENTRYPOINT [ "bash", "-c", "./entrypoint.sh" ]` – Blender Fox Jan 31 '22 at 15:14
  • Thanks @Blender Fox, it solved the issue. Meanwhile may i know what the difference between `ENTRYPOINT [ "./entrypoint.sh" ]` && `ENTRYPOINT [ "bash", "-c", "./entrypoint.sh" ]` in terms of permission? – Raushan Jan 31 '22 at 15:50
  • Also, can you please add the comment as a answer, so that i can accept it. Thanks! – Raushan Jan 31 '22 at 15:50
  • No problem, have added – Blender Fox Jan 31 '22 at 15:57
  • Does this work in plain Docker, without Kubernetes? When you run the pod/container are you doing anything like mounting volumes that might hide the content in the image? – David Maze Jan 31 '22 at 16:40
  • @DavidMaze pretty sure you can -- something similar like `docker run -it alpine bash -c /entrypoint.sh` – Blender Fox Jan 31 '22 at 18:34
  • @DavidMaze sorry, my previous suggested comment wouldn't work, alpine doesn't have bash by standard. Instead, try something like `docker run -it debian bash -c ./entrypoint.sh` – Blender Fox Feb 01 '22 at 11:09
  • 1
    Note that `bash -c ./entrypoint.sh` isn't substantially different from `./entrypoint.sh`. It is different from `bash entrypoint.sh`, which forces using GNU bash even if the script isn't executable or its "shebang" line `#!...` names a different interpreter. – David Maze Feb 01 '22 at 11:10

1 Answers1

5

Use bash (or your preferred shell if not bash) in the entrypoint:

ENTRYPOINT [ "bash", "-c", "./entrypoint.sh" ]

This will run the entrypoint script even if you haven't set the script as executable (which I see you have)

You an also use this similarly with other scripts, for example with Python:

ENTRYPOINT [ "python", "./entrypoint.py" ]

You could also try calling the script with full executable path:

ENTRYPOINT [ "/opt/app/entrypoint.sh" ]
Blender Fox
  • 4,442
  • 2
  • 17
  • 30
  • how do you add arguments to the entrypoint, in the same string or add to list ? – Pieter Sep 30 '22 at 06:40
  • IIRC, when using ENTRYPOINT, since that takes priority over CMD, when you run the container, it will use the ENTrYPOINT directive so to pass arguments to the ENTRYPOINT script, you would just do `docker run -it image-name arg1 arg2 arg3` – Blender Fox Sep 30 '22 at 07:06