Reputation: 1422
Google Cloud Run and system capabilities
I have a docker image which I am running on Google's Cloud Run. When I want to run the image locally, I have to give my container additional capabilities like the following:
docker run -p 8080:8080 --cap-add=SYS_ADMIN gcr.io/my-project/my-docker-image
Is there a way of configuring Docker's capabilities in Cloud Run?
I stumbled upon this piece of API documentation from Google, but I don't know how to configure my container. I am not even sure that it is relevant to my situation.
Any help would be really appreciated.
Upvotes: 1
Views: 769
Answers (1)
Reputation: 4194
Expanding the POSIX capabilities is not an option on Cloud Run or Cloud Run on GKE as they represent expanding the security vulnerabilities of the underlying host.
Adding capabilities is often the easiest way to make something with special system demands work. More complex but frequently doable are modifications within the container environment or to the package configuration to get things working.
If what you're trying to do absolutely requires cap-add, this might be addressed in a feature request to the software package... or it may be a novel use case that Cloud Run cannot support but may in the future with your feedback.
Upvotes: 3
Related Questions
- Cloud Run ARM64 support
- Deploying Google Cloud Run to the Free Tier
- Gcloud and docker confusion
- GCP Cloud Run Limits
- Connect Google Cloud Run with Google Compute Engine or GKE
- Google Cloud Run Port
- Google Cloud Run security concerns
- Google Cloud platform and Containers
- How to configure Dockerfile correctly to run on Google Cloud Run?
- Is it possible to use Google Cloud Run to Docker Pull?