summaryrefslogtreecommitdiffstats
path: root/ms/command-executor/src/main/docker
diff options
context:
space:
mode:
authorjananib <janani.b@huawei.com>2020-04-16 01:10:29 +0530
committerDan Timoney <dtimoney@att.com>2020-04-16 13:13:17 +0000
commit0973cd1d23c2917c840cf21630d8c565732bbe1b (patch)
treea5f18c3857ff7829bd550039dd90d45a617fce52 /ms/command-executor/src/main/docker
parent5f21c169bbeae55797a61238208290a763b3f86b (diff)
Making POD run as non-root
Non-root user addition Change-Id: I45ebc75940c020fdda79fbe454461a19df39c525 Issue-ID: CCSDK-2149 Signed-off-by: jananib <janani.b@huawei.com> (cherry picked from commit b21a8dcb57767134eca44de57b863b457db6b88e)
Diffstat (limited to 'ms/command-executor/src/main/docker')
-rw-r--r--ms/command-executor/src/main/docker/Dockerfile5
1 files changed, 4 insertions, 1 deletions
diff --git a/ms/command-executor/src/main/docker/Dockerfile b/ms/command-executor/src/main/docker/Dockerfile
index 70cf943f6..c38126066 100644
--- a/ms/command-executor/src/main/docker/Dockerfile
+++ b/ms/command-executor/src/main/docker/Dockerfile
@@ -5,10 +5,13 @@ RUN python -m pip install --upgrade pip
RUN pip install grpcio==${GRPC_PYTHON_VERSION} grpcio-tools==${GRPC_PYTHON_VERSION}
RUN pip install virtualenv==16.7.9
+RUN groupadd -r onap && useradd -r -g onap onap
+
COPY start.sh /opt/app/onap/start.sh
RUN chmod u+x /opt/app/onap/start.sh
RUN mkdir -p /opt/app/onap/logs/ && touch /opt/app/onap/logs/application.log
+RUN chown onap:onap /opt -R
COPY @project.build.finalName@-@assembly.id@.tar.gz /source.tar.gz
RUN tar -xzf /source.tar.gz -C /tmp \
@@ -17,5 +20,5 @@ RUN tar -xzf /source.tar.gz -C /tmp \
&& rm -rf /tmp/@project.build.finalName@
VOLUME /opt/app/onap/blueprints/deploy/
-
+USER onap
ENTRYPOINT /opt/app/onap/start.sh