diff options
author | jananib <janani.b@huawei.com> | 2020-04-16 01:10:29 +0530 |
---|---|---|
committer | Dan Timoney <dtimoney@att.com> | 2020-04-16 13:13:17 +0000 |
commit | 0973cd1d23c2917c840cf21630d8c565732bbe1b (patch) | |
tree | a5f18c3857ff7829bd550039dd90d45a617fce52 /ms/py-executor | |
parent | 5f21c169bbeae55797a61238208290a763b3f86b (diff) |
Making POD run as non-root
Non-root user addition
Change-Id: I45ebc75940c020fdda79fbe454461a19df39c525
Issue-ID: CCSDK-2149
Signed-off-by: jananib <janani.b@huawei.com>
(cherry picked from commit b21a8dcb57767134eca44de57b863b457db6b88e)
Diffstat (limited to 'ms/py-executor')
-rw-r--r-- | ms/py-executor/docker/Dockerfile | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/ms/py-executor/docker/Dockerfile b/ms/py-executor/docker/Dockerfile index 043e15d53..bb1b0f79c 100644 --- a/ms/py-executor/docker/Dockerfile +++ b/ms/py-executor/docker/Dockerfile @@ -1,5 +1,7 @@ FROM python:3.7-slim +RUN groupadd -r onap && useradd -r -g onap onap + RUN mkdir -p /opt/app/onap/logs/ && touch /opt/app/onap/logs/application.log COPY @project.build.finalName@-@assembly.id@.tar.gz /source.tar.gz @@ -10,6 +12,8 @@ RUN tar -xzf /source.tar.gz -C /tmp \ RUN pip install --no-cache-dir -r /opt/app/onap/python/requirements/docker.txt -VOLUME /opt/app/onap/blueprints/deploy/ +RUN chown onap:onap /opt -R +VOLUME /opt/app/onap/blueprints/deploy/ +USER onap ENTRYPOINT /opt/app/onap/python/start.sh |