authorDan Timoney <dtimoney@att.com>2020-04-28 14:03:13 +0000
committerGerrit Code Review <gerrit@onap.org>2020-04-28 14:03:13 +0000
commit263b5c1cc1de8c9429d25e6b2aa23159f8c7ee9e (patch)
tree8846d93f613f5711c7f06cb415d284baecf35c7c
parent8134100d6d92a75906a55cb56b993179e97e01ec (diff)
parent0973cd1d23c2917c840cf21630d8c565732bbe1b (diff)
Merge "Making POD run as non-root" into frankfurt
-rw-r--r--ms/command-executor/src/main/docker/Dockerfile5
-rw-r--r--ms/py-executor/docker/Dockerfile6
2 files changed, 9 insertions, 2 deletions
diff --git a/ms/command-executor/src/main/docker/Dockerfile b/ms/command-executor/src/main/docker/Dockerfile
index 70cf943f6..c38126066 100644
--- a/ms/command-executor/src/main/docker/Dockerfile
+++ b/ms/command-executor/src/main/docker/Dockerfile
@@ -5,10 +5,13 @@ RUN python -m pip install --upgrade pip
RUN pip install grpcio==${GRPC_PYTHON_VERSION} grpcio-tools==${GRPC_PYTHON_VERSION}
RUN pip install virtualenv==16.7.9
+RUN groupadd -r onap && useradd -r -g onap onap
+
COPY start.sh /opt/app/onap/start.sh
RUN chmod u+x /opt/app/onap/start.sh
RUN mkdir -p /opt/app/onap/logs/ && touch /opt/app/onap/logs/application.log
+RUN chown onap:onap /opt -R
COPY @project.build.finalName@-@assembly.id@.tar.gz /source.tar.gz
RUN tar -xzf /source.tar.gz -C /tmp \
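Review bot: The added `RUN chown onap:onap /opt -R` runs before the tarball is unpacked and before `VOLUME /opt/app/onap/blueprints/deploy/` in the next hunk, so anything created under /opt after it stays root-owned. That probably includes the volume directory that onap has to write to, though the rest of the `RUN tar` step lies outside this hunk and where it places files is inferred. The py-executor Dockerfile in the same commit puts the chown after extraction, so the two images end up with different ownership. I would move the ownership change below the `RUN tar …` step and create the writable path first, e.g. `RUN mkdir -p /opt/app/onap/blueprints/deploy` ahead of the chown.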
@@ -17,5 +20,5 @@ RUN tar -xzf /source.tar.gz -C /tmp \
&& rm -rf /tmp/@project.build.finalName@
VOLUME /opt/app/onap/blueprints/deploy/
-
+USER onap
ENTRYPOINT /opt/app/onap/start.sh
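Review bot: `USER onap` refers to the account by name, and the `useradd -r` added in the first hunk lets the base image pick whatever system UID is free. Kubernetes cannot verify `runAsNonRoot: true` against a non-numeric image user, so a pod with that setting fails to start unless `runAsUser` is also set. Ownership on persistent volumes also depends on the UID staying the same across rebuilds. I would create the account with fixed ids, `RUN groupadd -r -g 1000 onap && useradd -r -u 1000 -g onap onap` (1000 is an example value), and switch with `USER 1000:1000`. The same applies to the `USER onap` line in the py-executor Dockerfile.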
diff --git a/ms/py-executor/docker/Dockerfile b/ms/py-executor/docker/Dockerfile
index 043e15d53..bb1b0f79c 100644
--- a/ms/py-executor/docker/Dockerfile
+++ b/ms/py-executor/docker/Dockerfile
@@ -1,5 +1,7 @@
FROM python:3.7-slim
+RUN groupadd -r onap && useradd -r -g onap onap
+
RUN mkdir -p /opt/app/onap/logs/ && touch /opt/app/onap/logs/application.log
COPY @project.build.finalName@-@assembly.id@.tar.gz /source.tar.gz
@@ -10,6 +12,8 @@ RUN tar -xzf /source.tar.gz -C /tmp \
RUN pip install --no-cache-dir -r /opt/app/onap/python/requirements/docker.txt
-VOLUME /opt/app/onap/blueprints/deploy/
+RUN chown onap:onap /opt -R
+VOLUME /opt/app/onap/blueprints/deploy/
+USER onap
ENTRYPOINT /opt/app/onap/python/start.sh
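Review bot: `RUN chown onap:onap /opt -R` gives the runtime account ownership of the whole application tree, including `start.sh` and the Python code unpacked above. A process that is compromised while running as onap can then rewrite the code it is started from. Only the paths that must be writable need to belong to onap; the rest can stay root-owned and read-only to the service, for example `RUN mkdir -p /opt/app/onap/blueprints/deploy && chown -R onap:onap /opt/app/onap/logs /opt/app/onap/blueprints`. A recursive chown in its own `RUN` also copies every file it touches into a new layer. The same line in the command-executor Dockerfile has the same scope.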