Standard Openshift Security Context Constraints do not allow to run as root.
Here is the method:
oc adm policy add-scc-to-user anyuid -z default
re-deploy the application. You can use root do access.
oc adm policy remove-scc-from-user anyuid -z default
The purpose is to save data in PVC. For example, Jenkins docker files are all stored in container disk. We have to redo everything after jenkins restart. This is to move everything to PVC including the plugin files.
The Jenkins docker image may need to install docker, mvn, npm and other plugin. Here is an example of Dockerfile
FROM jenkins/jenkins:lts
User root
# replace shell with bash so we can source files
RUN rm /bin/sh && ln -s /bin/bash /bin/sh
#COPY sources.list /etc/apt/sources.list
# update the repository sources list
# and install dependencies
RUN apt-get update
RUN apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common# docker repos
RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add — \
&& echo “deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable” >> /etc/apt/sources.list.d/additional-repositories.list \
&& echo “deb http://ftp-stud.hs-esslingen.de/ubuntu xenial main restricted universe multiverse” >> /etc/apt/sources.list.d/official-package-repositories.list \
&& apt-key adv — keyserver keyserver.ubuntu.com — recv-keys 437D05B5 \
&& apt-get updateRUN curl -O https://download.docker.com/linux/ubuntu/dists/bionic/pool/edge/amd64/containerd.io_1.2.2-3_amd64.deb
RUN apt install ./containerd.io_1.2.2–3_amd64.deb# docker
RUN apt-get -y install docker-ce# nvm environment variables
ENV NVM_DIR /usr/local/nvm
ENV NODE_VERSION 4.4.7# install nvm
# https://github.com/creationix/nvm#install-script
RUN curl — silent -o- https://raw.githubusercontent.com/creationix/nvm/v0.31.2/install.sh | bash# install node and npm
RUN source $NVM_DIR/nvm.sh \
&& nvm install $NODE_VERSION \
&& nvm alias default $NODE_VERSION \
&& nvm use default# add node and npm to path so the commands are available
ENV NODE_PATH $NVM_DIR/v$NODE_VERSION/lib/node_modules
ENV PATH $NVM_DIR/versions/node/v$NODE_VERSION/bin:$PATH# confirm installation
RUN node -v
RUN npm -v
RUN docker -v
######################################################################
ARG MAVEN_VERSION=3.3.9
ARG USER_HOME_DIR=”/root”
RUN mkdir -p /usr/share/maven && \
curl -fsSL http://apache.osuosl.org/maven/maven-3/$MAVEN_VERSION/binaries/apache-maven-$MAVEN_VERSION-bin.tar.gz | tar -xzC /usr/share/maven — strip-components=1 && \
ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
ENV MAVEN_HOME /usr/share/maven
ENV MAVEN_CONFIG “$USER_HOME_DIR/.m2”#RUN apt-get install npm
RUN /usr/local/bin/install-plugins.sh sonar openshift-client openshift-login nodejs junit junit-realtime-test-reporter openid splunk-devops splunk-devops-extend blueocean blueocean-dashboard blueocean-autofavorite blueocean-bitbucket-pipeline blueocean-commons blueocean-config blueocean-core-js blueocean-display-url blueocean-events blueocean-git-pipeline blueocean-github-pipeline blueocean-i18n blueocean-jira blueocean-jwt blueocean-personalization blueocean-pipeline-api-impl blueocean-pipeline-scm-api blueocean-rest blueocean-web maven-plugin
RUN chmod -R 775 /var/jenkins_home
RUN mkdir /data
RUN chmod -R 775 /data
RUN echo -e “password\npassword” | passwd