Code Review / ccsdk / cds.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Making POD run as non-root
[ccsdk/cds.git] / ms / blueprintsprocessor / application / src / main / docker / Dockerfile
diff --git a/ms/blueprintsprocessor/application/src/main/docker/Dockerfile b/ms/blueprintsprocessor/application/src/main/docker/Dockerfile
index 1035915..042041e 100755 (executable)
--- a/ms/blueprintsprocessor/application/src/main/docker/Dockerfile
+++ b/ms/blueprintsprocessor/application/src/main/docker/Dockerfile
@@ -9,9 +9,14 @@ FROM omahoco1/alpine-java-python
 
 # add entrypoint
 COPY startService.sh /startService.sh
+RUN addgroup -S onap && adduser -S onap -G onap
+RUN chown onap:onap /startService.sh
 RUN chmod 777 /startService.sh && dos2unix /startService.sh
 
 # add application
 COPY --from=extractor /opt /opt
+RUN mkdir /opt/app/onap/blueprints
+RUN chown onap:onap /opt -R
+USER onap
 
 ENTRYPOINT [ "/startService.sh" ]
Controller Design Studio (design-time tool : evolution of appc/cdt)