Question posted in
The official documentation can be found here.

Docker image fails to run in GCP Cloud Run but is perfect locally

When I deploy I get a permission error:

"terminated: Application failed to start: "/app/node_modules/.bin": permission denied"

If I just run the image in my local cmd using Docker, it runs perfectly and I can browse my localhost:3000 to see the static page.

It’s a basic app that makes an api call to attain a list of items then displays them on a static page.

I’ve tried:

I’ve given the service account ‘Cloud Run Admin, Compute Admin, Storage Object Admin’.

Manually selected gen 2 GCR environment whilst also letting it auto select.

Inside the Dockerfile I’ve tried assigning ownership of that directory to the cloud run user and blasting the directory with a 777 for good measure:

  • RUN chown -R 65532:65532 /app/node_modules/.bin && chmod -R 777 /app/node_modules/.bin

Also added the whole app directory under the ownership of the cloud run user:

  • RUN chown -R 65532:65532 /app

Tried telling the application to run as root user:

  • USER root

Not that I’d keep these settings for a prod build, but I was just throwing all the loose permissions I could think of at it to see which (if any) would work. Nada so far.

I also tried running a ‘whoami’ etc from inside the container in the hope it would appear in the cloud run logs but nothing shows:

  • CMD ["sh", "-c", "chmod -R 777 /app/node_modules/.bin", "whoami && id && ls -la /app/node_modules/.bin && npm start"]

So I’m lost. Why does nothing work? What part of the Cloud Run mechanism am I missing? What needs that permission? Why does it work locally and not in Cloud Run?

Here’s the (now bloated mess) Dockerfile:

FROM node:alpine

WORKDIR /app

ENV PATH /app/node_modules/.bin:$PATH

# install app dependencies
COPY package.json ./
COPY package-lock.json ./
RUN npm install --silent

# Ensure the node_modules/.bin directory is owned by the non-root user and files are executable
RUN chown -R 65532:65532 /app/node_modules/.bin && chmod -R 777 /app/node_modules/.bin

# add app
COPY . ./

# Ensure the whole app directory is owned by the non-root user
RUN chown -R 65532:65532 /app

# Override any default entrypoint from the base image
ENTRYPOINT [""]

# Start the application as root
USER root

# start app
# CMD ["npm", "start"]
CMD ["sh", "-c", "chmod -R 777 /app/node_modules/.bin", "whoami && id && ls -la /app/node_modules/.bin && npm start"]
Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    I managed to figure it out. It was because the image was built locally on my M1 Mac, so was built for ARM but Cloud Run uses AMD64. Once I changed that it worked.

    Strange that the error had nothing to do with the actual issue, but here we are.

    Thanks everyone for your responses.


  2. 0

    Initial findings lead me to believe that the error is caused by build error / source code issues.

    To debug this, I would recommend enabling Cloud Logging with your Cloud Run for more granular logs. You can do so by following this documentation and setting up Cloud Logging. This will allow you to have more control over the logs that appear for your Cloud Run application.

    While granting root access and 777 permission is a reasonable start for troubleshooting the “permission denied” error, it is not the safest and secure approach. You might want to ease out on this by using non-root users and granting 755.

    Set your container to run as a user other than root with the Dockerfile USER statement. Some container images may already have a specific user configured.

    More information in Cloud Run best practices.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search