Code Review / sdc / sdc-workflow-designer.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Run pods as non-root user
[sdc/sdc-workflow-designer.git] / sdc-workflow-designer-init / src / main / docker / Dockerfile
diff --git a/sdc-workflow-designer-init/src/main/docker/Dockerfile b/sdc-workflow-designer-init/src/main/docker/Dockerfile
index b5ee15a..656a84c 100644 (file)
--- a/sdc-workflow-designer-init/src/main/docker/Dockerfile
+++ b/sdc-workflow-designer-init/src/main/docker/Dockerfile
@@ -1,12 +1,19 @@
 FROM python:2.7-alpine3.8
 
-RUN pip install cqlsh==5.0.4 && \
-    mkdir ~/.cassandra/ && \
+RUN pip install cqlsh==5.0.4
+
+RUN addgroup -g 1000 sdc && adduser -S -u 1000 -G sdc -s /bin/sh sdc
+USER sdc
+RUN mkdir ~/.cassandra/ && \
     echo  '[cql]' > ~/.cassandra/cqlshrc  && \
     echo  'version=3.4.4' >> ~/.cassandra/cqlshrc
 
+USER root
 COPY create_keyspaces.cql create_tables.cql start.sh ./
+RUN chown sdc:sdc create_keyspaces.cql && \
+    chown sdc:sdc create_tables.cql && \
+    chown sdc:sdc start.sh && \
+    chmod 744 start.sh
 
-RUN chmod 744 start.sh
-
+USER sdc
 ENTRYPOINT ["./start.sh"]
A graphic design tool for service life cycle management workflow design.