diff options
| author |   MichaelMorris <michael.morris@est.tech> | 2020-03-10 17:02:34 +0000 |
|---|---|---|
| committer |   Ofir Sonsino <os0695@intl.att.com> | 2020-03-18 12:04:58 +0200 |
| commit | 822061760575f4b1327bb0b8e73d266ec9fbdba0 (patch) | |
| tree | 6c8eb1bcbe3458db2a2a8fc489251531d6417c19 | |
| parent | cdff1c49539736b0bf16c119ba158ff776a3d5c9 (diff) | |
Run pods as non-root user
Signed-off-by: MichaelMorris <michael.morris@est.tech>
Issue-ID: SDC-2798
Change-Id: Ic50b8663f278b97185c471a4113de29b3e53e023
| -rw-r--r-- | workflow-designer-be/docker/Dockerfile | 17 | ||||
| -rw-r--r-- | workflow-designer-init/src/main/docker/Dockerfile | 15 | ||||
| -rw-r--r-- | workflow-designer-ui/docker/Dockerfile | 5 |
3 files changed, 25 insertions, 12 deletions
diff --git a/workflow-designer-be/docker/Dockerfile b/workflow-designer-be/docker/Dockerfile index ea20fa5c..91a5e78b 100644 --- a/workflow-designer-be/docker/Dockerfile +++ b/workflow-designer-be/docker/Dockerfile @@ -2,16 +2,21 @@ FROM openjdk:8-jdk-alpine EXPOSE 8080 -USER root +USER root +RUN addgroup -g 1000 sdc && adduser -S -u 1000 -G sdc -s /bin/sh sdc ARG ARTIFACT -ADD ${ARTIFACT} /app.jar +ADD --chown=sdc:sdc ${ARTIFACT} /app.jar -COPY org.onap.sdc.p12 /keystore -COPY org.onap.sdc.trust.jks /truststore +COPY --chown=sdc:sdc org.onap.sdc.p12 /keystore +COPY --chown=sdc:sdc org.onap.sdc.trust.jks /truststore -COPY startup.sh . +COPY --chown=sdc:sdc startup.sh . RUN chmod 744 startup.sh + +RUN mkdir /var/log/ONAP/ +RUN chown sdc:sdc /var/log/ONAP/ -ENTRYPOINT [ "./startup.sh" ]
\ No newline at end of file +USER sdc +ENTRYPOINT [ "./startup.sh" ] diff --git a/workflow-designer-init/src/main/docker/Dockerfile b/workflow-designer-init/src/main/docker/Dockerfile index b5ee15ad..656a84ca 100644 --- a/workflow-designer-init/src/main/docker/Dockerfile +++ b/workflow-designer-init/src/main/docker/Dockerfile @@ -1,12 +1,19 @@ FROM python:2.7-alpine3.8 -RUN pip install cqlsh==5.0.4 && \ - mkdir ~/.cassandra/ && \ +RUN pip install cqlsh==5.0.4 + +RUN addgroup -g 1000 sdc && adduser -S -u 1000 -G sdc -s /bin/sh sdc +USER sdc +RUN mkdir ~/.cassandra/ && \ echo '[cql]' > ~/.cassandra/cqlshrc && \ echo 'version=3.4.4' >> ~/.cassandra/cqlshrc +USER root COPY create_keyspaces.cql create_tables.cql start.sh ./ +RUN chown sdc:sdc create_keyspaces.cql && \ + chown sdc:sdc create_tables.cql && \ + chown sdc:sdc start.sh && \ + chmod 744 start.sh -RUN chmod 744 start.sh - +USER sdc ENTRYPOINT ["./start.sh"] diff --git a/workflow-designer-ui/docker/Dockerfile b/workflow-designer-ui/docker/Dockerfile index 58130888..7a54b615 100644 --- a/workflow-designer-ui/docker/Dockerfile +++ b/workflow-designer-ui/docker/Dockerfile @@ -9,10 +9,11 @@ ARG ARTIFACT COPY org.onap.sdc.p12 org.onap.sdc.trust.jks ${JETTY_BASE}/etc/ -ADD ${ARTIFACT} ${JETTY_BASE}/webapps/ +ADD --chown=jetty:jetty ${ARTIFACT} ${JETTY_BASE}/webapps/ RUN chown -R jetty:jetty ${JETTY_BASE}/webapps ${JETTY_BASE}/etc/ -COPY startup.sh . +COPY --chown=jetty:jetty startup.sh . RUN chmod 744 startup.sh +USER jetty ENTRYPOINT [ "./startup.sh" ] |