diff options
author | jananib <janani.b@huawei.com> | 2020-04-23 19:28:43 +0530 |
---|---|---|
committer | jananib <janani.b@huawei.com> | 2020-04-23 19:28:43 +0530 |
commit | be864c3d32ea9dfe88f0e121734abdc950401449 (patch) | |
tree | e2ad7a1bd926c01a73e73b33af357d26e255e201 | |
parent | f08bff64a1f54e9e8ff5920963247b1a0cfe535b (diff) |
Making POD run as non-root
Non-root user addition
Change-Id: Id110aebea3d3526aaf319d8994670644a7bab698
Issue-ID: CCSDK-2149
Signed-off-by: jananib <janani.b@huawei.com>
4 files changed, 9 insertions, 3 deletions
diff --git a/ms/blueprintsprocessor/application/src/main/docker/Dockerfile b/ms/blueprintsprocessor/application/src/main/docker/Dockerfile index 042041ebb..bd1b3804a 100755 --- a/ms/blueprintsprocessor/application/src/main/docker/Dockerfile +++ b/ms/blueprintsprocessor/application/src/main/docker/Dockerfile @@ -11,11 +11,13 @@ FROM omahoco1/alpine-java-python COPY startService.sh /startService.sh RUN addgroup -S onap && adduser -S onap -G onap RUN chown onap:onap /startService.sh +RUN touch /velocity.log && chmod 777 /velocity.log +RUN chown onap:onap /velocity.log RUN chmod 777 /startService.sh && dos2unix /startService.sh # add application COPY --from=extractor /opt /opt -RUN mkdir /opt/app/onap/blueprints +RUN mkdir -p /opt/app/onap/blueprints/deploy RUN chown onap:onap /opt -R USER onap diff --git a/ms/command-executor/src/main/docker/Dockerfile b/ms/command-executor/src/main/docker/Dockerfile index c38126066..e91265b56 100644 --- a/ms/command-executor/src/main/docker/Dockerfile +++ b/ms/command-executor/src/main/docker/Dockerfile @@ -11,7 +11,6 @@ COPY start.sh /opt/app/onap/start.sh RUN chmod u+x /opt/app/onap/start.sh RUN mkdir -p /opt/app/onap/logs/ && touch /opt/app/onap/logs/application.log -RUN chown onap:onap /opt -R COPY @project.build.finalName@-@assembly.id@.tar.gz /source.tar.gz RUN tar -xzf /source.tar.gz -C /tmp \ @@ -19,6 +18,9 @@ RUN tar -xzf /source.tar.gz -C /tmp \ && rm -rf /source.tar.gz \ && rm -rf /tmp/@project.build.finalName@ +RUN mkdir -p /opt/app/onap/blueprints/deploy +RUN chown onap:onap /opt -R + VOLUME /opt/app/onap/blueprints/deploy/ USER onap ENTRYPOINT /opt/app/onap/start.sh diff --git a/ms/py-executor/docker/Dockerfile b/ms/py-executor/docker/Dockerfile index bb1b0f79c..638b09f39 100644 --- a/ms/py-executor/docker/Dockerfile +++ b/ms/py-executor/docker/Dockerfile @@ -12,6 +12,7 @@ RUN tar -xzf /source.tar.gz -C /tmp \ RUN pip install --no-cache-dir -r /opt/app/onap/python/requirements/docker.txt +RUN mkdir -p /opt/app/onap/blueprints/deploy RUN chown onap:onap /opt -R VOLUME /opt/app/onap/blueprints/deploy/ diff --git a/ms/sdclistener/distribution/src/main/docker/Dockerfile b/ms/sdclistener/distribution/src/main/docker/Dockerfile index 5168dd9c2..e9ecb8d66 100755 --- a/ms/sdclistener/distribution/src/main/docker/Dockerfile +++ b/ms/sdclistener/distribution/src/main/docker/Dockerfile @@ -12,7 +12,8 @@ RUN tar -xzf /source.tar.gz -C /tmp \ && rm -rf /source.tar.gz \ && rm -rf /tmp/@project.build.finalName@ -RUN mkdir /opt/app/onap/cds-sdc-listener +RUN mkdir -p /opt/app/onap/cds-sdc-listener RUN chown onap:onap /opt -R + USER onap ENTRYPOINT /startService.sh |