Making POD run as non-root

author jananib <janani.b@huawei.com>

Thu, 23 Apr 2020 13:58:43 +0000 (19:28 +0530)

committer jananib <janani.b@huawei.com>

Thu, 23 Apr 2020 13:58:43 +0000 (19:28 +0530)
author jananib <janani.b@huawei.com>
Thu, 23 Apr 2020 13:58:43 +0000 (19:28 +0530)
committer jananib <janani.b@huawei.com>
Thu, 23 Apr 2020 13:58:43 +0000 (19:28 +0530)
diff --git a/ms/blueprintsprocessor/application/src/main/docker/Dockerfile b/ms/blueprintsprocessor/application/src/main/docker/Dockerfile

index 042041e..bd1b380 100755 (executable)
--- a/ms/blueprintsprocessor/application/src/main/docker/Dockerfile
+++ b/ms/blueprintsprocessor/application/src/main/docker/Dockerfile
@@ -11,11 +11,13 @@ FROM omahoco1/alpine-java-python
  COPY startService.sh /startService.sh
  RUN addgroup -S onap && adduser -S onap -G onap
  RUN chown onap:onap /startService.sh
+RUN touch /velocity.log && chmod 777 /velocity.log
+RUN chown onap:onap /velocity.log
  RUN chmod 777 /startService.sh && dos2unix /startService.sh
  
  # add application
  COPY --from=extractor /opt /opt
-RUN mkdir /opt/app/onap/blueprints
+RUN mkdir -p /opt/app/onap/blueprints/deploy
  RUN chown onap:onap /opt -R
  USER onap
  
diff --git a/ms/command-executor/src/main/docker/Dockerfile b/ms/command-executor/src/main/docker/Dockerfile

index c381260..e91265b 100644 (file)
--- a/ms/command-executor/src/main/docker/Dockerfile
+++ b/ms/command-executor/src/main/docker/Dockerfile
@@ -11,7 +11,6 @@ COPY start.sh /opt/app/onap/start.sh
  RUN chmod u+x /opt/app/onap/start.sh
  
  RUN mkdir -p /opt/app/onap/logs/ && touch /opt/app/onap/logs/application.log
-RUN chown onap:onap /opt -R
  
  COPY @project.build.finalName@-@assembly.id@.tar.gz /source.tar.gz
  RUN tar -xzf /source.tar.gz -C /tmp \
@@ -19,6 +18,9 @@ RUN tar -xzf /source.tar.gz -C /tmp \
   && rm -rf /source.tar.gz \
   && rm -rf /tmp/@project.build.finalName@
  
+RUN mkdir -p /opt/app/onap/blueprints/deploy
+RUN chown onap:onap /opt -R
+
  VOLUME /opt/app/onap/blueprints/deploy/
  USER onap
  ENTRYPOINT /opt/app/onap/start.sh
diff --git a/ms/py-executor/docker/Dockerfile b/ms/py-executor/docker/Dockerfile

index bb1b0f7..638b09f 100644 (file)
--- a/ms/py-executor/docker/Dockerfile
+++ b/ms/py-executor/docker/Dockerfile
@@ -12,6 +12,7 @@ RUN tar -xzf /source.tar.gz -C /tmp \
  
  RUN pip install --no-cache-dir -r /opt/app/onap/python/requirements/docker.txt
  
+RUN mkdir -p /opt/app/onap/blueprints/deploy
  RUN chown onap:onap /opt -R
  
  VOLUME /opt/app/onap/blueprints/deploy/
diff --git a/ms/sdclistener/distribution/src/main/docker/Dockerfile b/ms/sdclistener/distribution/src/main/docker/Dockerfile

index 5168dd9..e9ecb8d 100755 (executable)
--- a/ms/sdclistener/distribution/src/main/docker/Dockerfile
+++ b/ms/sdclistener/distribution/src/main/docker/Dockerfile
@@ -12,7 +12,8 @@ RUN tar -xzf /source.tar.gz -C /tmp \
   && rm -rf /source.tar.gz \
   && rm -rf /tmp/@project.build.finalName@
  
-RUN mkdir /opt/app/onap/cds-sdc-listener
+RUN mkdir -p /opt/app/onap/cds-sdc-listener
  RUN chown onap:onap /opt -R
+
  USER onap
  ENTRYPOINT /startService.sh
author	jananib <janani.b@huawei.com>
	Thu, 23 Apr 2020 13:58:43 +0000 (19:28 +0530)
committer	jananib <janani.b@huawei.com>
	Thu, 23 Apr 2020 13:58:43 +0000 (19:28 +0530)
ms/blueprintsprocessor/application/src/main/docker/Dockerfile		patch \| blob \| history
ms/command-executor/src/main/docker/Dockerfile		patch \| blob \| history
ms/py-executor/docker/Dockerfile		patch \| blob \| history
ms/sdclistener/distribution/src/main/docker/Dockerfile		patch \| blob \| history