diff options
author | Alexander Mazuruk <a.mazuruk@samsung.com> | 2021-04-12 18:47:04 +0200 |
---|---|---|
committer | Vijay Venkatesh Kumar <vv770d@att.com> | 2021-04-26 23:28:03 +0000 |
commit | eba3e6a23105581e7a00ea3e99123ab480e38787 (patch) | |
tree | bfc9e0559f6e577820e27fd9c2fcdbb63fb10843 /components/datalake-handler/feeder/Dockerfile | |
parent | 09e6ad9eea88e511de6870b26dfa4b57dec7fcf3 (diff) |
Change datalake-handler baseOS to integration-
des:
- less layers
- user without home, login shell & password
- general tidy-up
- add quotes in run.sh for safety
feeder:
- less layers
- user without home, login shell & password
- general tidy-up
- alpine's find is from busybox and is built without extended regex support.
grep is used for regex.
- adjusted regexes to be more precise
Benefits from switching base image over:
* minimal {java11,python} images maintained by integration team
* using currently "blessed by seccom" versions (:latest tag used)
* should limit spread of legal issues across layers
* integration images will be the first to have automated compliance
documentation
* should limit spread of base layers (contributing to deployment
footprint - more base layers = more to download, more to store etc...)
Issue-ID: INT-1864
Issue-ID: DCAEGEN2-2420
Signed-off-by: Alexander Mazuruk <a.mazuruk@samsung.com>
Change-Id: I02b2b9567680e8a873d13684fd2341339b4bc337
Diffstat (limited to 'components/datalake-handler/feeder/Dockerfile')
-rw-r--r-- | components/datalake-handler/feeder/Dockerfile | 44 |
1 files changed, 22 insertions, 22 deletions
diff --git a/components/datalake-handler/feeder/Dockerfile b/components/datalake-handler/feeder/Dockerfile index 9d79f7ef..769d21b8 100644 --- a/components/datalake-handler/feeder/Dockerfile +++ b/components/datalake-handler/feeder/Dockerfile @@ -1,31 +1,31 @@ FROM nexus3.onap.org:10001/onap/integration-java11:8.0.0 -MAINTAINER Guobiao Mo <guobiaomo@chinamobile.com> +LABEL maintainer="Guobiao Mo <guobiaomo@chinamobile.com>" + +ARG user=datalake +ARG group=datalake EXPOSE 1680 USER root -RUN addgroup datalake && adduser -G datalake -h /home/datalake -D datalake -RUN mkdir /home/datalake/db_init - -WORKDIR /home/datalake +WORKDIR /datalake +RUN addgroup $group && adduser --system --shell /bin/false --disabled-password --no-create-home --ingroup $group $user && \ + chown -R $user:$group /datalake && \ + chmod g+s /datalake && \ + mkdir -p /datalake/db_init #add the fat jar -COPY target/${JAR_FILE} /home/datalake/ -COPY src/assembly/run.sh /home/datalake/ - -WORKDIR /home/datalake/db_init -ADD src/assembly/init_db/scripts/db_init . -WORKDIR /home/datalake -COPY src/assembly/init_db/db_scripts/init_db.sql . -COPY src/assembly/init_db/db_scripts/init_db_data.sql . - -RUN chmod -R 0755 ./* && \ - chown -R datalake:datalake /home/datalake - -RUN apk --update add postgresql-client curl - -USER datalake - -ENTRYPOINT /home/datalake/run.sh +COPY --chown=$user:$group target/${JAR_FILE} . +COPY --chown=$user:$group src/assembly/run.sh . +COPY --chown=$user:$group src/assembly/init_db/scripts/db_init ./db_init/ +COPY --chown=$user:$group src/assembly/init_db/db_scripts/init_db.sql . +COPY --chown=$user:$group src/assembly/init_db/db_scripts/init_db_data.sql . + +RUN chmod -R 0755 *.sql && \ + chmod u+x run.sh && \ + apk add --no-cache postgresql-client curl + +USER $user +ENTRYPOINT ["/bin/sh"] +CMD ["run.sh"] |