Run pods as non-root user

Signed-off-by: MichaelMorris <michael.morris@est.tech> Issue-ID: SDC-2798 Change-Id: Ic50b8663f278b97185c471a4113de29b3e53e023
author: MichaelMorris <michael.morris@est.tech> 2020-03-10 17:02:34 +0000
committer: Michael Morris <michael.morris@est.tech> 2020-03-15 18:14:43 +0000
commit: 1b548a33bf279b6d22b7a1a49a672151974706d7 (patch)
tree: e57059614a9112b805a96d53df7ace784d8b3b24 /sdc-workflow-designer-be/docker
parent: 6dc58fd625279f8ffe1060170418686034db0af4 (diff)
1 files changed, 11 insertions, 6 deletions
diff --git a/sdc-workflow-designer-be/docker/Dockerfile b/sdc-workflow-designer-be/docker/Dockerfile
index ea20fa5c..91a5e78b 100644
--- a/sdc-workflow-designer-be/docker/Dockerfile
+++ b/sdc-workflow-designer-be/docker/Dockerfile
@@ -2,16 +2,21 @@ FROM openjdk:8-jdk-alpine
 
 EXPOSE 8080
 
-USER root
+USER root 
+RUN addgroup -g 1000 sdc && adduser -S -u 1000 -G sdc -s /bin/sh sdc
 
 ARG ARTIFACT
 
-ADD ${ARTIFACT} /app.jar
+ADD --chown=sdc:sdc ${ARTIFACT} /app.jar
 
-COPY org.onap.sdc.p12 /keystore
-COPY org.onap.sdc.trust.jks /truststore
+COPY --chown=sdc:sdc org.onap.sdc.p12 /keystore
+COPY --chown=sdc:sdc org.onap.sdc.trust.jks /truststore
 
-COPY startup.sh .
+COPY --chown=sdc:sdc startup.sh .
 RUN chmod 744 startup.sh
+ 
+RUN mkdir /var/log/ONAP/
+RUN chown sdc:sdc /var/log/ONAP/
 
-ENTRYPOINT [ "./startup.sh" ]
-\ No newline at end of file
+USER sdc
+ENTRYPOINT [ "./startup.sh" ]
author	MichaelMorris <michael.morris@est.tech>	2020-03-10 17:02:34 +0000
committer	Michael Morris <michael.morris@est.tech>	2020-03-15 18:14:43 +0000
commit	1b548a33bf279b6d22b7a1a49a672151974706d7 (patch)
tree	e57059614a9112b805a96d53df7ace784d8b3b24 /sdc-workflow-designer-be/docker
parent	6dc58fd625279f8ffe1060170418686034db0af4 (diff)