Use unprivileged docker image

Release https://github.com/DFE-Digital/terraform-modules/releases/tag/v0.36.0 dropped default container capabilities. It included the CHOWN capability which is required by the nginx image running as root. It caused error: [emerg] chown("/var/cache/nginx/client_temp", 101) failed (1: Operation not permitted) And the pod failed to start. Switch to unprivileged docker image and using a high port to solve the issue.
DFE-Digital · Aug 8, 2024 · 78135e7 · 78135e7
1 parent 7824df8
commit 78135e7
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 2 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,3 +1,3 @@
-FROM nginx:1.25.3-alpine3.18-slim
+FROM nginxinc/nginx-unprivileged:1.26.1
 
 COPY ./build/ /usr/share/nginx/html
diff --git a/terraform/application/.terraform.lock.hcl b/terraform/application/.terraform.lock.hcl
diff --git a/terraform/application/application.tf b/terraform/application/application.tf
@@ -29,7 +29,7 @@ module "web_application" {
   cluster_configuration_map  = module.cluster_data.configuration_map
   kubernetes_config_map_name = module.application_configuration.kubernetes_config_map_name
   kubernetes_secret_name     = module.application_configuration.kubernetes_secret_name
-  web_port = 80
+  web_port = 8080
   probe_path = "/"
 
   docker_image = var.docker_image