diff options
| author |   Alexander Mazuruk <a.mazuruk@samsung.com> | 2021-04-12 18:47:04 +0200 |
|---|---|---|
| committer |   Vijay Venkatesh Kumar <vv770d@att.com> | 2021-04-26 23:28:03 +0000 |
| commit | eba3e6a23105581e7a00ea3e99123ab480e38787 (patch) | |
| tree | bfc9e0559f6e577820e27fd9c2fcdbb63fb10843 /components/datalake-handler/des/Dockerfile | |
| parent | 09e6ad9eea88e511de6870b26dfa4b57dec7fcf3 (diff) | |
Change datalake-handler baseOS to integration-
des:
- less layers
- user without home, login shell & password
- general tidy-up
- add quotes in run.sh for safety
feeder:
- less layers
- user without home, login shell & password
- general tidy-up
- alpine's find is from busybox and is built without extended regex support.
grep is used for regex.
- adjusted regexes to be more precise
Benefits from switching base image over:
* minimal {java11,python} images maintained by integration team
* using currently "blessed by seccom" versions (:latest tag used)
* should limit spread of legal issues across layers
* integration images will be the first to have automated compliance
documentation
* should limit spread of base layers (contributing to deployment
footprint - more base layers = more to download, more to store etc...)
Issue-ID: INT-1864
Issue-ID: DCAEGEN2-2420
Signed-off-by: Alexander Mazuruk <a.mazuruk@samsung.com>
Change-Id: I02b2b9567680e8a873d13684fd2341339b4bc337
Diffstat (limited to 'components/datalake-handler/des/Dockerfile')
| -rw-r--r-- | components/datalake-handler/des/Dockerfile | 47 |
1 files changed, 23 insertions, 24 deletions
diff --git a/components/datalake-handler/des/Dockerfile b/components/datalake-handler/des/Dockerfile index 584ba9d6..46683a1d 100644 --- a/components/datalake-handler/des/Dockerfile +++ b/components/datalake-handler/des/Dockerfile @@ -1,6 +1,7 @@ # ============LICENSE_START=================================================== # Copyright (C) 2020 China Mobile. # Copyright (C) 2021 Wipro Limited +# Copyright (C) 2021 Samsung Electronics. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,36 +17,34 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END===================================================== - FROM nexus3.onap.org:10001/onap/integration-java11:8.0.0 -MAINTAINER Kai Lu <lukai@chinamobile.com> +LABEL maintainer="Kai Lu <lukai@chinamobile.com>" + +ARG user=datalake +ARG group=datalake EXPOSE 1681 USER root -RUN addgroup datalake && adduser -G datalake -h /home/datalake -D datalake -RUN mkdir /home/datalake/db_init - -WORKDIR /home/datalake +WORKDIR /datalake +RUN addgroup $group && adduser --system --shell /bin/false --disabled-password --no-create-home --ingroup $group $user && \ + mkdir -p /datalake/db_init && \ + chown -R $user:$group /datalake && \ + chmod g+s /datalake #add the fat jar -COPY target/${JAR_FILE} . -COPY src/assembly/run.sh . -COPY src/assembly/init_db/db_scripts/init_db.sql . -COPY src/assembly/init_db/db_scripts/init_db_data.sql . - -WORKDIR /home/datalake/db_init -ADD src/assembly/init_db/scripts/db_init . - -WORKDIR /home/datalake - -RUN chmod -R 0755 ./* && \ - chown -R datalake:datalake /home/datalake - -RUN apk --update add postgresql-client curl - -USER datalake - -ENTRYPOINT /home/datalake/run.sh +COPY --chown=$user:$group target/${JAR_FILE} . +COPY --chown=$user:$group src/assembly/run.sh . +COPY --chown=$user:$group src/assembly/init_db/db_scripts/init_db.sql . +COPY --chown=$user:$group src/assembly/init_db/db_scripts/init_db_data.sql . +COPY --chown=$user:$group src/assembly/init_db/scripts/db_init ./db_init/ + +RUN chmod -R 0755 *.sql && \ + chmod u+x run.sh && \ + apk add --no-cache postgresql-client curl + +USER $user +ENTRYPOINT ["/bin/sh"] +CMD ["run.sh"] |