authorStavros Kanarakis <stavros.kanarakis@nokia.com>2019-04-22 18:41:18 +0300
committerStavros Kanarakis <stavros.kanarakis@nokia.com>2019-04-22 18:41:18 +0300
commitf6668af5c6a624dc3053a2217dacce82ad7b547a (patch)
treea8f7e7c0d78f8eafa4e128c50010cae49533cdab
parentda4ba6e2c81f3dd7157e1cc06a92e91c5a38aa95 (diff)
Run BBS-ep docker container as non-root
Replaced docker maven plugin to introduce Dockerfile. Corrected component blueprint to deploy BBS-ep as a service component instead of a platform one. Change-Id: If3af67eef1a9f68554ee215d24b54f9cd4b7ce80 Issue-ID: DCAEGEN2-1446 Signed-off-by: Stavros Kanarakis <stavros.kanarakis@nokia.com>
-rw-r--r--components/bbs-event-processor/.dockerignore5
-rw-r--r--components/bbs-event-processor/Dockerfile21
-rw-r--r--components/bbs-event-processor/dpo/blueprints/k8s-bbs-event-processor.yaml-template20
-rw-r--r--components/bbs-event-processor/pom.xml55
4 files changed, 56 insertions, 45 deletions
diff --git a/components/bbs-event-processor/.dockerignore b/components/bbs-event-processor/.dockerignore
new file mode 100644
index 00000000..842d1756
--- /dev/null
+++ b/components/bbs-event-processor/.dockerignore
@@ -0,0 +1,5 @@
+dpo
+src
+target
+!target/libs/*
+!target/*.jar
\ No newline at end of file
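Review bot: The ignore list is a deny-list (`dpo`, `src`, `target`), so everything else under the component directory is still sent to the Docker daemon as build context, including anything added there later such as local settings or credential files. The Dockerfile added in this commit copies only from the build directory, so an allow-list is tighter: start the file with `*` and keep the `!target/libs/*` and `!target/*.jar` exceptions. Note also that `!target/*.jar` re-includes every jar found in `target`, not only the final application jar.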
diff --git a/components/bbs-event-processor/Dockerfile b/components/bbs-event-processor/Dockerfile
new file mode 100644
index 00000000..e799bd92
--- /dev/null
+++ b/components/bbs-event-processor/Dockerfile
@@ -0,0 +1,21 @@
+FROM openjdk:8-jre-alpine
+
+ARG PROJECT_BUILD_DIR_NAME
+ARG FINAL_JAR
+ARG DEPENDENCIES_DIR
+ARG DOCKER_ARTIFACT_DIR
+
+#Add a new user and group to allow container to be run as non-root
+RUN addgroup -S bbs-ep && adduser -S -G bbs-ep bbs-ep
+
+#Copy dependencies and executable jar
+WORKDIR ${DOCKER_ARTIFACT_DIR}
+COPY ${PROJECT_BUILD_DIR_NAME}/${FINAL_JAR} .
+#Overcome Docker limitation to put ARG inside ENTRYPOINT
+RUN ln -s ${FINAL_JAR} bbs-ep.jar
+COPY ${PROJECT_BUILD_DIR_NAME}/${DEPENDENCIES_DIR} ./${DEPENDENCIES_DIR}
+
+EXPOSE 8100
+
+USER bbs-ep:bbs-ep
+ENTRYPOINT ["java", "-jar", "bbs-ep.jar"]
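Review bot: `USER bbs-ep:bbs-ep` names the account rather than giving a numeric UID, and the `adduser -S` line lets BusyBox choose the UID, so an orchestrator cannot confirm from the image metadata that the container is non-root; Kubernetes refuses to start a container whose image user is non-numeric when `runAsNonRoot: true` is set. Pinning the ids keeps the intent and makes it enforceable: `RUN addgroup -S -g 1000 bbs-ep && adduser -S -u 1000 -G bbs-ep bbs-ep` and `USER 1000:1000` (1000 is an example value). The copied jar and libs stay root-owned, which is good because the process cannot rewrite its own code, but any path the process has to write to, such as the log directory named in the blueprint, must then be writable by that UID. Separately, `FROM openjdk:8-jre-alpine` is a mutable tag; pinning it by digest would make rebuilds reproducible and auditable.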
diff --git a/components/bbs-event-processor/dpo/blueprints/k8s-bbs-event-processor.yaml-template b/components/bbs-event-processor/dpo/blueprints/k8s-bbs-event-processor.yaml-template
index eaf6275a..5688dbac 100644
--- a/components/bbs-event-processor/dpo/blueprints/k8s-bbs-event-processor.yaml-template
+++ b/components/bbs-event-processor/dpo/blueprints/k8s-bbs-event-processor.yaml-template
@@ -43,9 +43,6 @@ inputs:
type: integer
description: number of instances
default: 1
- host_port:
- description: port on Kubernetes host where bbs-event-processor API will be exposed
- default: 0
pnf_reregistration_url:
type: string
cpe_authentication_url:
@@ -110,7 +107,7 @@ inputs:
default: true
node_templates:
bbs-event-processor:
- type: dcae.nodes.ContainerizedPlatformComponent
+ type: dcae.nodes.ContainerizedServiceComponent
properties:
application_config:
streams_subscribes:
@@ -168,10 +165,6 @@ node_templates:
application.ssl.trustStorePasswordPath: "/opt/app/bbs-event-processor/etc/cert/trust.pass"
application.ssl.enableAaiCertAuth: { get_input: aai_secure_enable_cert }
application.ssl.enableDmaapCertAuth: { get_input: dmaap_secure_enable_cert }
- host_port:
- { get_input: host_port }
- container_port:
- 8100
docker_config:
healthcheck:
endpoint: /heartbeat
@@ -181,10 +174,15 @@ node_templates:
image:
{ get_input: tag_version }
replicas: {get_input: replicas}
- name: 'bbs-event-processor'
- dns_name: 'bbs-event-processor'
+ service_component_type: 'bbs-event-processor'
log_info:
log_directory: "/opt/app/bbs-event-processor/logs"
tls_info:
cert_directory: '/opt/app/bbs-event-processor/etc/cert'
- use_tls: true
\ No newline at end of file
+ use_tls: true
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ start:
+ inputs:
+ ports:
+ - concat: ["8100:", "30810"]
\ No newline at end of file
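Review bot: The new `ports` entry hard-codes the external port (`"8100:"` plus `"30810"`, presumably a NodePort), whereas the removed `host_port` input defaulted to 0, so every deployment of this blueprint now publishes the bbs-event-processor API on a fixed port and the deployer cannot move it or turn it off. If outside reachability is really needed, keep it a blueprint input, e.g. `- concat: ["8100:", { get_input: external_port }]` with a documented default, and confirm that the listener on 8100 requires TLS and authentication before it is reachable from outside the cluster. As written, the `concat` of two constants is just the literal `"8100:30810"`.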
diff --git a/components/bbs-event-processor/pom.xml b/components/bbs-event-processor/pom.xml
index a4a0ffdb..3615da05 100644
--- a/components/bbs-event-processor/pom.xml
+++ b/components/bbs-event-processor/pom.xml
@@ -40,7 +40,6 @@
<bbs-event-processor.main.class>org.onap.bbs.event.processor.Application</bbs-event-processor.main.class>
<dependency.dir.name>libs</dependency.dir.name>
<dependency.dir.location>${project.build.directory}/${dependency.dir.name}</dependency.dir.location>
- <docker.artifact.dir>/opt</docker.artifact.dir>
<docker.image.name>onap/${project.groupId}.${project.artifactId}</docker.image.name>
<maven.build.timestamp.format>yyyyMMdd'T'HHmmss</maven.build.timestamp.format>
</properties>
@@ -249,8 +248,8 @@
</plugin>
<plugin>
<groupId>com.spotify</groupId>
- <artifactId>docker-maven-plugin</artifactId>
- <version>1.2.0</version>
+ <artifactId>dockerfile-maven-plugin</artifactId>
+ <version>1.4.10</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
@@ -323,29 +322,17 @@
</plugin>
<plugin>
<groupId>com.spotify</groupId>
- <artifactId>docker-maven-plugin</artifactId>
+ <artifactId>dockerfile-maven-plugin</artifactId>
<configuration>
- <serverId>${onap.nexus.dockerregistry.daily}</serverId>
- <imageName>${docker.image.name}</imageName>
- <imageTags>
- <tag>latest</tag>
- </imageTags>
- <baseImage>openjdk:${java.version}-jre-alpine</baseImage>
- <workdir>${docker.artifact.dir}</workdir>
- <resources>
- <resource>
- <directory>${dependency.dir.location}</directory>
- <targetPath>${dependency.dir.name}</targetPath>
- </resource>
- <resource>
- <directory>${project.build.directory}</directory>
- <include>${project.build.finalName}.jar</include>
- </resource>
- </resources>
- <exposes>
- <expose>8100</expose>
- </exposes>
- <entryPoint>["java", "-jar", "${project.build.finalName}.jar"]</entryPoint>
+ <contextDirectory>${project.basedir}</contextDirectory>
+ <repository>${docker.image.name}</repository>
+ <tag>latest</tag>
+ <buildArgs>
+ <PROJECT_BUILD_DIR_NAME>target</PROJECT_BUILD_DIR_NAME>
+ <DEPENDENCIES_DIR>${dependency.dir.name}</DEPENDENCIES_DIR>
+ <DOCKER_ARTIFACT_DIR>/opt</DOCKER_ARTIFACT_DIR>
+ <FINAL_JAR>${project.build.finalName}.jar</FINAL_JAR>
+ </buildArgs>
</configuration>
<executions>
<execution>
@@ -360,11 +347,11 @@
<phase>deploy</phase>
<goals>
<goal>tag</goal>
+ <goal>push</goal>
</goals>
<configuration>
- <image>${docker.image.name}:latest</image>
- <newName>${onap.nexus.dockerregistry.daily}/${docker.image.name}:latest</newName>
- <pushImage>true</pushImage>
+ <repository>${onap.nexus.dockerregistry.daily}/${docker.image.name}</repository>
+ <tag>latest</tag>
</configuration>
</execution>
<execution>
@@ -372,11 +359,11 @@
<phase>deploy</phase>
<goals>
<goal>tag</goal>
+ <goal>push</goal>
</goals>
<configuration>
- <image>${docker.image.name}:latest</image>
- <newName>${onap.nexus.dockerregistry.daily}/${docker.image.name}:${project.version}</newName>
- <pushImage>true</pushImage>
+ <repository>${onap.nexus.dockerregistry.daily}/${docker.image.name}</repository>
+ <tag>${project.version}</tag>
</configuration>
</execution>
<execution>
@@ -384,11 +371,11 @@
<phase>deploy</phase>
<goals>
<goal>tag</goal>
+ <goal>push</goal>
</goals>
<configuration>
- <image>${docker.image.name}:latest</image>
- <newName>${onap.nexus.dockerregistry.daily}/${docker.image.name}:${project.version}-${maven.build.timestamp}Z</newName>
- <pushImage>true</pushImage>
+ <repository>${onap.nexus.dockerregistry.daily}/${docker.image.name}</repository>
+ <tag>${project.version}-${maven.build.timestamp}Z</tag>
</configuration>
</execution>
</executions>