Skip to main content

Requirements for deploying a container image

To deploy a container image to the Cloud Platform, you must ensure your container image:

  • is Linux-based, because we don’t support Windows-based images
  • runs a stateless and disposable application, because we restart containers frequently
  • runs as a non-root user, because we don’t allow containers to use root access for security reasons
  • runs on an unprivileged port (your image should expose a port over 1024, e.g 8080)
  • the timezone of the container is set to UTC

You must also keep your container image up to date and secure by default.

Running a container image as a non-root user

Some Docker images may already have a non-root variant. For example, if you’re running nginx, you can use the official nginx-unprivileged image instead.

Typically, you can adapt your Dockerfile to run as a non-root user by:

  1. creating a non-root user in your Dockerfile
  2. setting the USER instruction to use the non-root user when running your image

As each team and application can use a different base image, this minimal example shows you how to run an alpine/busybox base image as a non-root user.

FROM alpine:3.18

# Build your service here, which can use root privileges (e.g. sudo)
# At the end of your build, create and switch to a non-root user

# This will create a non-root user with the UID of 1001
RUN adduser -D nonroot -u 1001

# You must use a UID, not a username, here
USER 1001

If you need help to run your container as a non-root user, please speak to your team or consult the image vendor’s documentation.

Setting UTC timezone inside your container

Our cluster from the node level down to the metrics collection is based on the Coordinated Universal Time (UTC). We consciously avoid local timezones to avoid issues and bugs around daylight savings. Most containers are UTC by default but some are not. For debian based containers the following steps will set the TZ to UTC:

RUN apt install tzdata
RUN ln -fs /usr/share/zoneinfo/UTC /etc/localtime

If you have your TZ incorrectly set this may cause issues around metrics.

This page was last reviewed on 22 April 2024. It needs to be reviewed again on 22 April 2025 by the page owner #cloud-platform .
This page was set to be reviewed before 22 April 2025 by the page owner #cloud-platform. This might mean the content is out of date.