Non-root support

How to run the container with non-root access via Docker Container

Step 1: get the docker image from docker hub (Refer to: Run image published on OPSWAT Docker Hub)

Step 2: launch docker image with non-root option

specific UID:GID = 1000:1000 to enable non-root support
beside that, below environment variable require to run the doc
- MD_USER=admin
- MD_PWD=admin
- ACCEPT_EULA=true
- DB_USER=postgres
- DB_PWD=postgres
- DB_MODE=1
- DB_HOST=localhost
- DB_PORT=5432
- DB_TYPE=local

Bash
    
xxxxxxxxxx
 
docker run --user 1000:1000 -it \-e MD_USER=admin -e MD_PWD=admin \-e ACCEPT_EULA=true -e DB_HOST=localhost \-e DB_MODE=1 -e DB_TYPE=local -e DB_USER=postgres -e DB_PWD=posgres \-e DB_PORT=5432 opswat/metadefendericapsrv-debian:5.8.0
Copy

Step 3: verify the UID:GID works properly

run command inside container to see the process mdicapsrv is running

Bash
    
xxxxxxxxxx
 
ps -ef
Copy

Non-root access on Kubernetes

Step 1: Download help chart of MD ICAP Server from Github

Step 2: Modify UID:GID to run as non-root

create file override.values.yaml to override default value

Bash
    
 
ACCEPT_EULA: falsemdicapsrv_user: admin                          # Initial admin user for the MD ICAP Server web interfacemdicapsrv_password: admin                      # Initial admin password for the MD ICAP Server web interface, if not set it will be randomly generatedmdicapsrv_license_key: <SET_LICENSE_KEY_HERE>  # A valid license key, **this value is mandatory**icap_components:  md_icapsrv:    securityContext:      runAsUser: 1000  # Specify the UID of the user, id is 1000      runAsGroup: 1000 # Specify the GID of the group, id is 1000      runAsNonRoot: true      allowPrivilegeEscalation: false
Copy

Step 3: deploy the helm chart with override values

Bash
    
xxxxxxxxxx
 
helm install mdicapsrv -n default -f override.values.yaml .
Copy

Step 4: verify the pod and mdicapsrv are running

How to customer the UID and GID value?

The default value of UID and GID is 1000, these default value can be customized via Docker toolkit on My OPSWAT Portal and rebuild a new image (refer to Using build tool kit with your own docker image)

Step 1: modify RUN_UID and RUN_GID value in file Dockerfile

Step 2: Rebuild docker image

Bash
    
xxxxxxxxxx
 
cd <build-kit-directory>docker build --build-arg VERSION=5.8.0 -t oharbor.opswat.com/icap/mdicapsrv-debian:5.8.0 .
Copy

Last updated on

Was this page helpful?