fix: Fixed Dockerfiles to be able to run in Openshift without anyuid #617

Open
sebgott wants to merge 3 commits into apache:master from sebgott:fix/allow-running-without-anyuid-openshift

sebgott commented Mar 23, 2026

Implemented the OpenShift-without-anyuid permission fix in all relevant Dockerfile variants by making /usr/local/apisix group-owned by GID 0 and aligning group permissions with user permissions.

This was to complete #612 which seemed abandoned.

Dockerfile permissions update:

  • Modified the debian, ubuntu and redhat Dockerfiles to recursively change the group ownership of /usr/local/apisix to group 0 and set group permissions to match user permissions.

sebgott marked this pull request as ready for review March 23, 2026 13:34

Baoyuantop (Contributor) left a comment

  1. redhat/Dockerfile missing non-root user setup
    debian and ubuntu have the full "create user → chown → chgrp → chmod → USER" flow, but redhat only adds chgrp/chmod — the container still runs as root and would still need anyuid SCC on OpenShift. Please either add the same user setup or note it as a follow-up issue.
  2. Please clarify excluding debian-dev/Dockerfile
    Your commit message mentions "Remove for debian-dev" but the PR description doesn't explain why. If it's because debian-dev currently runs as root, that's fine — just state it explicitly.

sebgott (Author) commented Mar 26, 2026

I removed the debian-dev changes as it is used for the :dev tag, judging from the Makefile, which already works without anyuid permissions. I built the redhat image as it is and I am currently running it in my Openshift environment, and I do not need to provide anyuid permissions to apisix, but I will align the Dockerfile with how the debian and ubuntu images are built.

Copilot AI left a comment

Pull request overview

This PR updates the container image Dockerfiles to run on OpenShift clusters that disallow anyuid, by ensuring /usr/local/apisix is accessible to processes running with the default OpenShift group (GID 0).

Changes:

  • Recursively change /usr/local/apisix group ownership to GID 0 in Debian/Ubuntu images.
  • Recursively align group permissions with user permissions (chmod -R g=u) for /usr/local/apisix.
  • Add apisix user/group creation and switch the RedHat image to run as USER apisix.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| debian/Dockerfile | Makes /usr/local/apisix group-owned by GID 0 and aligns group permissions with user permissions. |
| ubuntu/Dockerfile | Same permission adjustments for the Ubuntu image variant. |
| redhat/Dockerfile | Adds apisix user/group, updates ownership/permissions of /usr/local/apisix, and runs the image as apisix. |
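
An added example, not part of this PR or the project's code: a small audit that checks whether a directory tree satisfies the convention discussed in this thread (group-owned by a given GID, group rwx bits equal to owner rwx bits). `audit_tree` and `make_sample` are hypothetical helper names, the sample tree is constructed, and GNU `find` and `stat -c` are assumed.

```shell
#!/bin/sh
# Added example; audit_tree and make_sample are hypothetical helpers.
# Assumes GNU find and GNU stat (stat -c), as found in Linux base images.

# audit_tree DIR GID
# Reports on stderr every non-symlink entry under DIR that is not
# group-owned by GID, or whose group rwx bits differ from the owner's
# rwx bits (what "chgrp -R GID" plus "chmod -R g=u" should have fixed).
# Prints the number of failing entries on stdout.
audit_tree() {
    find "$1" ! -type l -exec stat -c '%g %a %n' {} + | {
        bad=0
        while read -r gid mode name; do
            m=$((0$mode))              # stat prints octal; parse it as octal
            u=$(( (m >> 6) & 7 ))      # owner rwx bits
            g=$(( (m >> 3) & 7 ))      # group rwx bits
            if [ "$gid" != "$2" ] || [ "$u" -ne "$g" ]; then
                echo "FAIL gid=$gid mode=$mode $name" >&2
                bad=$((bad + 1))
            fi
        done
        echo "$bad"
    }
}

# make_sample: constructed stand-in for an install tree with owner-only
# permissions, the state that breaks under an arbitrary UID in group 0.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/conf" "$d/logs"
    : > "$d/conf/config.yaml"
    chmod 700 "$d" "$d/logs"
    chmod 750 "$d/conf"
    chmod 640 "$d/conf/config.yaml"
    echo "$d"
}
```

Run against a built image's filesystem as `audit_tree /usr/local/apisix 0`; a result of `0` means every entry is usable by a process whose only matching identity is group 0.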
