How to run the TDM portal Docker container (tdmweb) using a different user than root

Article ID: 221586

Products

CA Test Data Manager (Data Finder / Grid Tools)

Issue/Introduction

We used the Docker images (version 4.9.289.0) in a Kubernetes cluster, but all images use the root user.

We want to use a different user to run the tdmweb pod. We modified the Dockerfile (added the new user to the image, gave ownership of the repository /opt to the new user, and added the variables that it needs: CATALINA_HOME, CATDMWEB_HOME, JAVA_HOME), but the pod failed to start. How can we run the pod with a different user than root?

Environment

Release : 4.9.1

Component : DOCKER

Resolution

After a lot of investigation and several failed attempts, the customer found a way to run the pod as a user other than root.

The process they followed:

In the Dockerfile, they created the user (with id_user) and the group (with group_user), and they had to add Java arguments for the heap size.

In the deployment.yaml file (where the pod is defined), they added the following to the spec of the tdmweb pod:

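  securityContext:
    runAsUser: id_user        # numeric UID of the user created in the Dockerfile
    runAsNonRoot: true        # kubelet refuses to start a container that would run as UID 0
    runAsGroup: group_user    # numeric GID of the group created in the Dockerfile
    fsGroup: group_user       # group ownership applied to mounted volumes that support it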
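
An added example, not part of the original article or the product: a small check over the JSON form of the deployment that confirms the four settings above apply to every container, since a container-level securityContext overrides the pod-level one. The sample manifest, the UID/GID 10001 and the sidecar container are constructed assumptions.

```python
import json

# Constructed sample: trimmed output of `kubectl get deployment tdmweb -o json`.
# UID/GID 10001 and the "sidecar" container are assumed values, not from the article.
SAMPLE = json.loads("""
{"spec": {"template": {"spec": {
  "securityContext": {"runAsUser": 10001, "runAsNonRoot": true,
                      "runAsGroup": 10001, "fsGroup": 10001},
  "containers": [
    {"name": "tdmweb"},
    {"name": "sidecar", "securityContext": {"runAsUser": 0}}
  ]}}}}
""")

def effective_context(pod_sc, container_sc):
    """Container-level securityContext fields override the pod-level ones."""
    merged = {k: pod_sc.get(k) for k in ("runAsUser", "runAsGroup", "runAsNonRoot")}
    merged.update({k: v for k, v in container_sc.items() if k in merged})
    return merged

def audit(deployment):
    """Return (container, problem) findings; an empty list means non-root is enforced."""
    pod = deployment["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext") or {}
    findings = []
    if pod_sc.get("fsGroup") in (None, 0):
        findings.append(("<pod>", "fsGroup unset or 0"))
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        sc = effective_context(pod_sc, c.get("securityContext") or {})
        uid = sc["runAsUser"]
        if sc["runAsNonRoot"] is not True:
            findings.append((c["name"], "runAsNonRoot is not true"))
        if not isinstance(uid, int) or isinstance(uid, bool):
            findings.append((c["name"], "runAsUser is not a numeric UID"))
        elif uid == 0:
            findings.append((c["name"], "runAsUser is 0 (root)"))
        if sc["runAsGroup"] in (None, 0):
            findings.append((c["name"], "runAsGroup unset or 0"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(SAMPLE):
        print(f"{name}: {problem}")
```

With runAsNonRoot: true in effect, the sidecar flagged here would be rejected at start time rather than silently running as root, so the audit catches the conflict before rollout.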