Permission denied while using Docker to build an image

System Information
  • Strapi Version: 4.14.5:
  • Operating System: Oracle Linux, Docker version 24:
  • Database:
  • Node Version: 18:
  • **NPM Version: **:
  • Yarn Version:

I use this official instruction from Strapi docs to create Docker images that I use in Kubernetes
The problem is that I can run docker build only by root since otherwise I have these errors

Step 2/24 : RUN apk update && apk add --no-cache build-base gcc autoconf automake zlib-dev libpng-dev vips-dev > /dev/null 2>&1
—> Running in eef8c9a406ec

WARNING: updating and opening …/alpine/v3.18/main: Permission denied

WARNING: updating and opening …/alpine/v3.18/community: Permission denied
4 unavailable, 0 stale; 17 distinct packages available
The command ‘/bin/sh -c apk update && apk add --no-cache build-base gcc autoconf automake zlib-dev libpng-dev vips-dev > /dev/null 2>&1’ returned a non-zero code: 4

I cannot use root as I use GitLab CI/CD script that runs under ordinary user on Linux runner. I have set up the user (added to docker group) so I can run docker images but not to build the Dockerfile from the instruction

What is the best way to allow the user to build the image? As a workaround I ran docker build under root and now I can run docker build under the ordinary user since it has these instructions cached in docker but I do not think this is a good approach

PS Even if I pass the Step 2 then I have other permission issues that were described here
PPS Since I’m a new user I cannot paste more than 2 links so my docker output is a bit stripped

Any ideas how to fix this?

I think that if you want to run this as a NON root user you could use a rootless image itself.
It depends how your K8s is setup.
It also depends how your Dockerfile is setup,.
The default one uses root to update the system then a node user that’s built in to run and compile everything,.

This is not a matter of K8 cluster at all since the problem is in building docker image (it does not matter where it’s going to be used: Docker or K8)
So you say that I will need root permissions to correctly build Strapi image? In this case this is something related allowing user to run sudo to build a correct image? I do not think that rootless is the correct way of doing this or I am wrong?

Well you technically DONT want the image to have a root user.
But a root user is the one that can install system packages.
The dockerfile is built to use the root user to update the system and install it’s packages just as much as you would update a linux system either with sudo or root. Then change the user to a NON root user and run the application.

I think it’s a misunderstanding. I do not need to change a user inside a docker file
I just cannot build the image on the host system since it throws an error at step 2, while it tries to do

RUN apk update && apk add
I do not think that Strapi need root privileges to run inside a docker container so I’m fine to run it under some ordinary user. But how do I build an image with such errors for this if I’m not a root in the system?

The only thing that I see here is to set up this user in the host system to run sudo docker build instead of simple docker build
Am i correct?

I see, how have you setup docker on the system itself?
Permission denied sounds to me like you have a rootless docker and the system itself does not have write access to the disk to create the image as that is technically the FIRST step it will do first line would only be what image to use as base.