diff options
| author |   Alexander Mazuruk <a.mazuruk@samsung.com> | 2021-02-18 17:01:57 +0100 |
|---|---|---|
| committer | Alexander Mazuruk <a.mazuruk@samsung.com> | 2021-04-08 23:14:51 +0200 |
| commit | 6302edb304f69068b108a69001d69bc6213b6a6a (patch) | |
| tree | 45832db93ac39fb2d597e9aa763bac232e6cac2b /dcae-analytics/dcae-analytics-tca-web/Dockerfile | |
| parent | 5ff6820d13c499828312bd736f485051a450c4f0 (diff) | |
Change openjdk baseOS img to integration-java11
Benefits from switching over:
* minimal {java11,python} images maintained by integration team
* using currently "blessed by seccom" versions (:latest tag used)
* should limit spread of legal issues across layers
* integration images will be the first to have automated compliance
documentation
* should limit spread of base layers (contributing to deployment
footprint - more base layers = more to download, more to store etc...)
Issue-ID: INT-1864
Issue-ID: DCAEGEN2-2420
Signed-off-by: Alexander Mazuruk <a.mazuruk@samsung.com>
Change-Id: I272dee1761e293b57f5c9df76f873d86f012a2ab
Diffstat (limited to 'dcae-analytics/dcae-analytics-tca-web/Dockerfile')
| -rw-r--r-- | dcae-analytics/dcae-analytics-tca-web/Dockerfile | 35 |
1 files changed, 17 insertions, 18 deletions
diff --git a/dcae-analytics/dcae-analytics-tca-web/Dockerfile b/dcae-analytics/dcae-analytics-tca-web/Dockerfile index 411b6b1..2791e03 100644 --- a/dcae-analytics/dcae-analytics-tca-web/Dockerfile +++ b/dcae-analytics/dcae-analytics-tca-web/Dockerfile @@ -1,9 +1,4 @@ -# NOTE: This Dockerfile is auto generated and filtered via maven resources plugin. -# Edits to generated Dockerfile will NOT be saved. -# Only changes made in docker/Dockerfile template file will be persistent -# ========================================================================== - -FROM openjdk:11-jre-slim +FROM nexus3.onap.org:10001/onap/integration-java11:8.0.0 MAINTAINER Rajiv Singla <rs153v@att.com> @@ -11,22 +6,26 @@ ARG PROJECT_BUILD_DIR_NAME ARG FINAL_JAR ARG DEPENDENCIES_DIR ARG DOCKER_ARTIFACT_DIR +ARG user=tca-gen2 +ARG group=tca-gen2 -RUN mkdir -p /var/log/ONAP/dcaegen2/analytics/tca-gen2 -#Add a new user and group to allow container to be run as non-root -RUN groupadd tca-gen2 && useradd -g tca-gen2 tca-gen2; \ - chmod a+rwx /opt; \ - chmod a+rwx /var/log/ONAP/dcaegen2/analytics/tca-gen2; \ - chown -R tca-gen2:tca-gen2 /opt; \ - chown -R tca-gen2:tca-gen2 /var/log/ONAP/dcaegen2/analytics/tca-gen2 - -#Copy dependencies and executable jar WORKDIR ${DOCKER_ARTIFACT_DIR} +#Copy dependencies and executable jar COPY ${PROJECT_BUILD_DIR_NAME}/${FINAL_JAR} . -#Overcome Docker limitation to put ARG inside ENTRYPOINT -RUN ln -s ${FINAL_JAR} tca-gen2.jar + +USER root + +#Symlink to overcome Docker limitation to put ARG inside ENTRYPOINT +RUN mkdir -p /var/log/ONAP/dcaegen2/analytics/tca-gen2 && \ + addgroup $group && adduser --system --disabled-password --no-create-home --ingroup $group $user && \ + chmod g+rwx /opt; \ + chmod u+rw /var/log/ONAP/dcaegen2/analytics/tca-gen2 && \ + chown -R $user /opt && \ + chown -R $user /var/log/ONAP/dcaegen2/analytics/tca-gen2 && \ + ln -s ${FINAL_JAR} tca-gen2.jar && \ + chown $user ${FINAL_JAR} tca-gen2.jar EXPOSE 8100 -USER tca-gen2:tca-gen2 +USER $user ENTRYPOINT ["java", "-Dspring.profiles.active=configBindingService,dmaap,mongo", "-jar", "tca-gen2.jar"] |