Merge "Making POD run as non-root" into frankfurt

author: Dan Timoney <dtimoney@att.com> 2020-04-28 14:02:37 +0000
committer: Gerrit Code Review <gerrit@onap.org> 2020-04-28 14:02:37 +0000
commit: 8134100d6d92a75906a55cb56b993179e97e01ec (patch)
tree: f91fabf31e5cea8c8a7dda2b7711188e1f4e7562 /ms/sdclistener
parent: 3d1df1b148ff42227dfaca470d395e3270623d60 (diff)
parent: b1362860131464876a09890c59cb949e1587bf23 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/ms/sdclistener/distribution/src/main/docker/Dockerfile b/ms/sdclistener/distribution/src/main/docker/Dockerfile
index 34f6443bf..5168dd9c2 100755
--- a/ms/sdclistener/distribution/src/main/docker/Dockerfile
+++ b/ms/sdclistener/distribution/src/main/docker/Dockerfile
@@ -1,7 +1,9 @@
 FROM openjdk:8-jdk-alpine
 
+RUN addgroup -S onap && adduser -S onap -G onap
 # add entrypoint
 COPY startService.sh /startService.sh
+RUN chown onap:onap /startService.sh
 RUN chmod 751 /startService.sh
 # add application
 COPY @project.build.finalName@-@assembly.id@.tar.gz /source.tar.gz
@@ -10,4 +12,7 @@ RUN tar -xzf /source.tar.gz -C /tmp \
  && rm -rf /source.tar.gz \
  && rm -rf /tmp/@project.build.finalName@
 
+RUN mkdir /opt/app/onap/cds-sdc-listener
+RUN chown onap:onap /opt -R
+USER onap
 ENTRYPOINT /startService.sh
author	Dan Timoney <dtimoney@att.com>	2020-04-28 14:02:37 +0000
committer	Gerrit Code Review <gerrit@onap.org>	2020-04-28 14:02:37 +0000
commit	8134100d6d92a75906a55cb56b993179e97e01ec (patch)
tree	f91fabf31e5cea8c8a7dda2b7711188e1f4e7562 /ms/sdclistener
parent	3d1df1b148ff42227dfaca470d395e3270623d60 (diff)
parent	b1362860131464876a09890c59cb949e1587bf23 (diff)