Code Review / oom / registrator.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 8f8a661)
Run kube2ms registrator as non-root user 81/84981/1
authorHuabing Zhao <zhaohuabing@gmail.com>
Thu, 11 Apr 2019 02:09:56 +0000 (02:09 +0000)
committerHuabing Zhao <zhaohuabing@gmail.com>
Thu, 11 Apr 2019 02:11:20 +0000 (02:11 +0000)
Change-Id: I2165e080af7c6027548288432c8437503903ee12
Issue-ID: MSB-322
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
build/docker/Dockerfile patch | blob | history

diff --git a/build/docker/Dockerfile b/build/docker/Dockerfile
index f25e592..511964d 100644 (file)
--- a/build/docker/Dockerfile
+++ b/build/docker/Dockerfile
@@ -1,4 +1,9 @@
 FROM alpine:3.3\r
 COPY kube2msb /bin/\r
 \r
+RUN addgroup -g 1000 msb && \\r
+    adduser -D -u 1000 -G msb msb && \\r
+    chown msb:msb /bin/kube2msb\r
+USER msb\r
+\r
 ENTRYPOINT /bin/kube2msb --kube_master_url=${KUBE_MASTER_URL} --auth_token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) --msb_url=${MSB_URL}\r
Register the service endpoints to MSB so it can be used for service request routing and load balancing. Registrator puts service endpoints info to MSB discovery module(Consul as the backend) when an ONAP component is deployed by OOM, and update its state along with the life cycle, such as start, stop, scaling, etc.