Kaniko image fails to build image as it has read only root access


Sagar Veerla

Feb 2, 2024, 1:57:26 PM
to kaniko-users

Hello all,

We are trying to build a container using kaniko on a cluster without privileged access; however, it fails with the error below:

error building image: error building stage: failed to get filesystem from image: error removing bin to make way for new symlink: unlinkat //bin: read-only file system

 

Creating an empty directory at /bin will let this step pass, but errors for other directories will show up the same as above.

How can this be resolved? Any guidance is appreciated.

Thanks,
Sagar


Yossi Cohn

Feb 3, 2024, 9:16:00 AM
to kaniko-users
We also use Kaniko; I've failed to have it rootless.
What I did is to remove all capabilities but a few.

So the securityContext looks like this:

container:
  securityContext:
    allowPrivilegeEscalation: false
    runAsNonRoot: false
    capabilities:
      drop:
        - ALL
      add:
        - CHOWN
        - FOWNER
        - DAC_OVERRIDE
        - SETUID
        - SETGID
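The securityContext from the reply above, placed where Kubernetes expects it in a complete Pod manifest. This is an added example, not part of the original thread and not a manifest from the kaniko project. The Pod name, the placeholder git context URL and the `readOnlyRootFilesystem: false` line are assumptions: the last one assumes the "read-only file system" error in the first post comes from a read-only root filesystem setting, which kaniko cannot work with because it unpacks the base image into the container's own root.

```yaml
# Added example: Pod name, context URL and readOnlyRootFilesystem are assumptions.
apiVersion: v1
kind: Pod
metadata:
  name: kaniko-build            # hypothetical name
spec:
  restartPolicy: Never
  # No service account token is needed for a build that does not talk to the API server.
  automountServiceAccountToken: false
  containers:
    - name: kaniko
      image: gcr.io/kaniko-project/executor:latest
      args:
        - --dockerfile=Dockerfile
        # Placeholder repository; replace with your own build context.
        - --context=git://example.com/your-org/your-repo.git
        # Build only; pushing would additionally need registry credentials.
        - --no-push
      securityContext:
        # Not a privileged container and no way to gain more privileges later.
        privileged: false
        allowPrivilegeEscalation: false
        # As in the reply: the process still runs as root inside the container.
        runAsNonRoot: false
        # Assumption: kaniko extracts the base image over "/", so the root
        # filesystem must be writable. A value of true here (or enforced by
        # an admission policy) would match the unlinkat //bin error above.
        readOnlyRootFilesystem: false
        capabilities:
          drop:
            - ALL
          # The short list from the reply, needed to set ownership and
          # permissions on extracted files and to switch users for RUN steps.
          add:
            - CHOWN
            - FOWNER
            - DAC_OVERRIDE
            - SETUID
            - SETGID
```

If an admission policy on the cluster enforces a read-only root filesystem or forbids adding these capabilities, the Pod will be rejected or mutated regardless of what the manifest requests, so check the applied spec with `kubectl get pod kaniko-build -o yaml`.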