cron 未在没有功能的 docker 容器中运行

Question

I have a docker container, in which I'm running the following cron job:

SHELL=/bin/bash
BASH_ENV=/container.env
*/1 * * * * find ${CLONE_DIR} -mmin +10 -exec rm -fr {} >> /var/log/cronjob.log 2>&1 \;

The cronjob works perfectly in my local environment (ie using docker-compose to launch the container).

In my production environment I use k8s and remove all capabilities from the container:

securityContext:
  capabilities:
    drop:
    - ALL

Which results in the job not running at all.

Checklist:

• I verified that cron service is running.
• No errors in the cron script.
• crontab -l lists the job

I've tested the container with and without capabilities and can verify that with it it works, and without it doesn't. Therefore, I think this is the problem.

What capability should I add to my container in order for this to work? Thanks for your help and attention.

Answer 1

The missing capability was: CAP_SETGID