authorjananib <janani.b@huawei.com>2020-04-15 11:05:22 +0530
committerjananib <janani.b@huawei.com>2020-04-15 11:05:22 +0530
commit3a27f2fee05ef874181ea818f28329c2567e52c5 (patch)
treed5d18a5ea8cad0b67771126ea6680bfe5aa5c235
parent3ce18436a7fdbe20e5681785d88a62679d92ab0d (diff)
Making POD run as non-root
Non-root user addition Change-Id: I82995b0c0a6eb815e0422c6072c111c889c8c84a Issue-ID: CCSDK-2149 Signed-off-by: jananib <janani.b@huawei.com>
-rwxr-xr-xms/blueprintsprocessor/application/src/main/docker/Dockerfile5
-rwxr-xr-xms/sdclistener/distribution/src/main/docker/Dockerfile5
2 files changed, 10 insertions, 0 deletions
diff --git a/ms/blueprintsprocessor/application/src/main/docker/Dockerfile b/ms/blueprintsprocessor/application/src/main/docker/Dockerfile
index 1035915f1..042041ebb 100755
--- a/ms/blueprintsprocessor/application/src/main/docker/Dockerfile
+++ b/ms/blueprintsprocessor/application/src/main/docker/Dockerfile
@@ -9,9 +9,14 @@ FROM omahoco1/alpine-java-python
# add entrypoint
COPY startService.sh /startService.sh
+RUN addgroup -S onap && adduser -S onap -G onap
+RUN chown onap:onap /startService.sh
RUN chmod 777 /startService.sh && dos2unix /startService.sh
# add application
COPY --from=extractor /opt /opt
+RUN mkdir /opt/app/onap/blueprints
+RUN chown onap:onap /opt -R
+USER onap
ENTRYPOINT [ "/startService.sh" ]
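Review bot: The entrypoint ends up owned by, and writable for, the account that runs it: the added `RUN chown onap:onap /startService.sh` is followed by the existing `chmod 777`, so a compromised process in the container can modify the script it was started from. `RUN chown onap:onap /opt -R` extends the same write access to the whole application tree copied from the extractor stage. Keeping the script and binaries root-owned preserves the benefit of the non-root switch: drop the script chown, use `RUN chmod 755 /startService.sh && dos2unix /startService.sh`, and hand onap only the directory it writes to, `RUN mkdir -p /opt/app/onap/blueprints && chown onap:onap /opt/app/onap/blueprints`. This assumes the service writes nowhere else under /opt, which cannot be confirmed here because the earlier stages are outside the hunk. The sdclistener Dockerfile repeats the pattern at its `chown onap:onap /startService.sh` and `chown onap:onap /opt -R` lines, where the script mode would also need to become 755 once it is root-owned.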
diff --git a/ms/sdclistener/distribution/src/main/docker/Dockerfile b/ms/sdclistener/distribution/src/main/docker/Dockerfile
index 34f6443bf..5168dd9c2 100755
--- a/ms/sdclistener/distribution/src/main/docker/Dockerfile
+++ b/ms/sdclistener/distribution/src/main/docker/Dockerfile
@@ -1,7 +1,9 @@
FROM openjdk:8-jdk-alpine
+RUN addgroup -S onap && adduser -S onap -G onap
# add entrypoint
COPY startService.sh /startService.sh
+RUN chown onap:onap /startService.sh
RUN chmod 751 /startService.sh
# add application
COPY @project.build.finalName@-@assembly.id@.tar.gz /source.tar.gz
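Review bot: The `onap` account created by `addgroup -S onap && adduser -S onap -G onap` gets whatever UID the base image allocates, and the later `USER onap` refers to it by name rather than by number. Kubernetes cannot verify `runAsNonRoot: true` against a non-numeric image user, so unless the pod spec also sets `runAsUser`, a pod with that policy will likely be refused at start. Fixing the IDs and switching by number avoids this, e.g. `RUN addgroup -S -g 10001 onap && adduser -S -u 10001 -G onap onap` and `USER 10001:10001` (10001 is a sample value). The same applies to the blueprintsprocessor Dockerfile in this commit.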
@@ -10,4 +12,7 @@ RUN tar -xzf /source.tar.gz -C /tmp \
&& rm -rf /source.tar.gz \
&& rm -rf /tmp/@project.build.finalName@
+RUN mkdir /opt/app/onap/cds-sdc-listener
+RUN chown onap:onap /opt -R
+USER onap
ENTRYPOINT /startService.sh
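Review bot: `ENTRYPOINT /startService.sh` is still in shell form, so the script runs as a child of `/bin/sh -c` and may not receive the SIGTERM sent on pod termination; the blueprintsprocessor Dockerfile in this commit already uses exec form. `ENTRYPOINT [ "/startService.sh" ]` would make the two images consistent, provided the script has a shebang line. Separately, `RUN mkdir /opt/app/onap/cds-sdc-listener` fails the build if the parent directory is absent or the directory already exists, and `mkdir -p` covers both cases. The RUN that populates the image starts above this hunk, so the resulting layout under /opt is not visible here.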