Making POD run as non-root

[ccsdk/cds.git] / ms / command-executor / src / main / docker / Dockerfile

diff --git a/ms/command-executor/src/main/docker/Dockerfile b/ms/command-executor/src/main/docker/Dockerfile
index cac2b95..c381260 100644 (file)
--- a/ms/command-executor/src/main/docker/Dockerfile
+++ b/ms/command-executor/src/main/docker/Dockerfile
@@ -1,14 +1,17 @@
 FROM python:3.6-slim
 
-ENV GRPC_PYTHON_VERSION 1.19.0
+ENV GRPC_PYTHON_VERSION 1.20.0
 RUN python -m pip install --upgrade pip
 RUN pip install grpcio==${GRPC_PYTHON_VERSION} grpcio-tools==${GRPC_PYTHON_VERSION}
-RUN pip install virtualenv
+RUN pip install virtualenv==16.7.9
 
-RUN mkdir -p /opt/onap/blueprints && mkdir -p /opt/onap/app/python && chmod -R 777 /opt/onap
+RUN groupadd -r onap && useradd -r -g onap onap
 
-COPY start.sh /opt/onap/app/start.sh
-RUN chmod u+x /opt/onap/app/start.sh
+COPY start.sh /opt/app/onap/start.sh
+RUN chmod u+x /opt/app/onap/start.sh
+
+RUN mkdir -p /opt/app/onap/logs/ && touch /opt/app/onap/logs/application.log
+RUN chown onap:onap /opt -R
 
 COPY @project.build.finalName@-@assembly.id@.tar.gz /source.tar.gz
 RUN tar -xzf /source.tar.gz -C /tmp \
@@ -16,4 +19,6 @@ RUN tar -xzf /source.tar.gz -C /tmp \
  && rm -rf /source.tar.gz \
  && rm -rf /tmp/@project.build.finalName@
 
-ENTRYPOINT /opt/onap/app/start.sh
\ No newline at end of file
+VOLUME /opt/app/onap/blueprints/deploy/
+USER onap
+ENTRYPOINT /opt/app/onap/start.sh