I am trying to build a Non-Root Portainer Dockerfile, from centos:7.5.
The Dockerfile itself, and the deployment works really fine. Portainer is easy to set up and easy to deploy.
My issue is, I should not give to the images, a root permission. So, in order to do that, I built my Dockerfile, switching the owner of the portainer folder and data folder as well, to regular user (a non-root one).
RUN wget -O $USERWORKDIR/portainer-1.20.1-linux-amd64.tar.gz https://github.com/portainer/portainer/releases/download/1.20.1/portainer-1.20.1-linux-amd64.tar.gz
RUN cd $USERWORKDIR && tar xvpfz portainer-1.20.1-linux-amd64.tar.gz
RUN mkdir “/data” && chown -R regularuser:regularuser “/data”
Where regularuser ID and regularuser Group are already created.
But, after to do docker run, and try to access the portainer portal (which loads just fine), I get
Unable to create snapshot (endpoint=primary, URL=unix:///var/run/docker.sock) (err=Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/_ping: dial unix /var/run/docker.sock: connect: permission denied
This is the full docker command with the parameters:
docker run -d -p 9000:9000 --name portainer-1 --restart always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data my-portainer-image:latest --no-auth -H unix:///var/run/docker.sock
Anyone here already succeed trying to create a non-root Portainer Image? And for sure (I should ask that first), Portainer can be deployed as a docker container using a non-root user?
Any help will be extremely welcome!