Making POD run as non-root

Non-root user addition Change-Id: I45ebc75940c020fdda79fbe454461a19df39c525 Issue-ID: CCSDK-2149 Signed-off-by: jananib <janani.b@huawei.com>
author: jananib <janani.b@huawei.com> 2020-04-16 01:10:29 +0530
committer: jananib <janani.b@huawei.com> 2020-04-16 01:10:29 +0530
commit: b21a8dcb57767134eca44de57b863b457db6b88e (patch)
tree: f82dd1dd85b1ec471bba42724bfd5ceaf276bb22 /ms/py-executor
parent: 3a27f2fee05ef874181ea818f28329c2567e52c5 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/ms/py-executor/docker/Dockerfile b/ms/py-executor/docker/Dockerfile
index 043e15d53..bb1b0f79c 100644
--- a/ms/py-executor/docker/Dockerfile
+++ b/ms/py-executor/docker/Dockerfile
@@ -1,5 +1,7 @@
 FROM python:3.7-slim
 
+RUN groupadd -r onap && useradd -r -g onap onap
+
 RUN mkdir -p /opt/app/onap/logs/ && touch /opt/app/onap/logs/application.log
 
 COPY @project.build.finalName@-@assembly.id@.tar.gz /source.tar.gz
@@ -10,6 +12,8 @@ RUN tar -xzf /source.tar.gz -C /tmp \
 
 RUN pip install --no-cache-dir -r /opt/app/onap/python/requirements/docker.txt
 
-VOLUME /opt/app/onap/blueprints/deploy/
+RUN chown onap:onap /opt -R
 
+VOLUME /opt/app/onap/blueprints/deploy/
+USER onap
 ENTRYPOINT /opt/app/onap/python/start.sh
author	jananib <janani.b@huawei.com>	2020-04-16 01:10:29 +0530
committer	jananib <janani.b@huawei.com>	2020-04-16 01:10:29 +0530
commit	b21a8dcb57767134eca44de57b863b457db6b88e (patch)
tree	f82dd1dd85b1ec471bba42724bfd5ceaf276bb22 /ms/py-executor
parent	3a27f2fee05ef874181ea818f28329c2567e52c5 (diff)