Code Review / msb / discovery.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Run discovery as non-root user
[msb/discovery.git] / distributions / msb-discovery / src / main / docker / Dockerfile
diff --git a/distributions/msb-discovery/src/main/docker/Dockerfile b/distributions/msb-discovery/src/main/docker/Dockerfile
index 747790f..2058233 100644 (file)
--- a/distributions/msb-discovery/src/main/docker/Dockerfile
+++ b/distributions/msb-discovery/src/main/docker/Dockerfile
@@ -5,6 +5,14 @@ COPY msb-discover*.tar.gz /usr/src
 RUN tar -xzf /usr/src/msb-discover*.tar.gz -C /usr/local --strip-components=1; \\r
        rm /usr/src/msb-discover*.tar.gz\r
        \r
+RUN apk add --no-cache shadow sudo && \\r
+    addgroup -g 1000 msb && \\r
+    adduser -D -u 1000 -G msb msb && \\r
+    echo "msb ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/msb && \\r
+    chmod 0440 /etc/sudoers.d/msb && \\r
+    chown -R msb:msb /usr/local\r
+USER msb\r
+\r
 WORKDIR /usr/local\r
 EXPOSE 10081\r
-ENTRYPOINT exec $PWD/startup4docker.sh
\ No newline at end of file
+ENTRYPOINT exec $PWD/startup4docker.sh\r
Provides service registration and discovery for ONAP microservices, which leverage Consul and build an abstract layer on top of it to make it agnostic to the registration provider and add needed extension.