When I deploy I get a permission error:
"terminated: Application failed to start: "/app/node_modules/.bin": permission denied"
If I just run the image in my local cmd using Docker, it runs perfectly and I can browse my localhost:3000 to see the static page.
It’s a basic app that makes an api call to attain a list of items then displays them on a static page.
I’ve tried:
I’ve given the service account ‘Cloud Run Admin, Compute Admin, Storage Object Admin’.
Manually selected gen 2 GCR environment whilst also letting it auto select.
Inside the Dockerfile I’ve tried assigning ownership of that directory to the cloud run user and blasting the directory with a 777 for good measure:
- RUN chown -R 65532:65532 /app/node_modules/.bin && chmod -R 777 /app/node_modules/.bin
Also added the whole app directory under the ownership of the cloud run user:
- RUN chown -R 65532:65532 /app
Tried telling the application to run as root user:
- USER root
Not that I’d keep these settings for a prod build, but I was just throwing all the loose permissions I could think of at it to see which (if any) would work. Nada so far.
I also tried running a ‘whoami’ etc from inside the container in the hope it would appear in the cloud run logs but nothing shows:
- CMD ["sh", "-c", "chmod -R 777 /app/node_modules/.bin", "whoami && id && ls -la /app/node_modules/.bin && npm start"]
So I’m lost. Why does nothing work? What part of the Cloud Run mechanism am I missing? What needs that permission? Why does it work locally and not in Cloud Run?
Here’s the (now bloated mess) Dockerfile:
FROM node:alpine
WORKDIR /app
ENV PATH /app/node_modules/.bin:$PATH
# install app dependencies
COPY package.json ./
COPY package-lock.json ./
RUN npm install --silent
# Ensure the node_modules/.bin directory is owned by the non-root user and files are executable
RUN chown -R 65532:65532 /app/node_modules/.bin && chmod -R 777 /app/node_modules/.bin
# add app
COPY . ./
# Ensure the whole app directory is owned by the non-root user
RUN chown -R 65532:65532 /app
# Override any default entrypoint from the base image
ENTRYPOINT [""]
# Start the application as root
USER root
# start app
# CMD ["npm", "start"]
CMD ["sh", "-c", "chmod -R 777 /app/node_modules/.bin", "whoami && id && ls -la /app/node_modules/.bin && npm start"]
2
Answers
I managed to figure it out. It was because the image was built locally on my M1 Mac, so was built for ARM but Cloud Run uses AMD64. Once I changed that it worked.
Strange that the error had nothing to do with the actual issue, but here we are.
Thanks everyone for your responses.
Initial findings lead me to believe that the error is caused by build error / source code issues.
To debug this, I would recommend enabling Cloud Logging with your Cloud Run for more granular logs. You can do so by following this documentation and setting up Cloud Logging. This will allow you to have more control over the logs that appear for your Cloud Run application.
While granting
root
access and777
permission is a reasonable start for troubleshooting the “permission denied” error, it is not the safest and secure approach. You might want to ease out on this by using non-root users and granting755
.More information in Cloud Run best practices.