Fix bug 1707 - Adding non-root user to run POL

Change-Id: I4b3df48e7c277de7ccd91b4a017577942ec4926f
Signed-off-by: sousaedu <eduardo.sousa@canonical.com>

docker/POL/Dockerfile

@@ -60,7 +60,22 @@ COPY --from=INSTALL /usr/bin/mysqlshow /usr/bin/
 COPY --from=INSTALL /usr/lib/x86_64-linux-gnu/libedit.so.2 /usr/lib/x86_64-linux-gnu/
 COPY --from=INSTALL /usr/lib/x86_64-linux-gnu/libbsd.so.0 /usr/lib/x86_64-linux-gnu/
 
-COPY scripts/ scripts/
+COPY scripts/ /app/osm_pol/scripts/
+
+# Creating the user for the app
+RUN groupadd -g 1000 appuser && \
+    useradd -u 1000 -g 1000 -d /app appuser && \
+    mkdir -p /app/osm_pol && \
+    mkdir -p /app/storage/kafka && \
+    mkdir /app/log && \
+    chown -R appuser:appuser /app
+
+WORKDIR /app/osm_pol
+
+# Changing the security context
+USER appuser
+
+########################################################################
 
 ENV OSMPOL_MESSAGE_DRIVER kafka
 ENV OSMPOL_MESSAGE_HOST kafka

installers/docker/osm_pods/pol.yaml

@@ -30,6 +30,10 @@ spec:
       labels:
         app: pol
     spec:
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
       initContainers:
       - name: kafka-mongo-test
         image: alpine:latest
@@ -47,10 +51,3 @@ spec:
         envFrom:
         - secretRef:
              name: pol-secret
-        volumeMounts:
-        - name: db
-          mountPath: /app/database
-      volumes:
-      - name: db
-        hostPath:
-         path: /var/lib/osm/osm_pol_db/_data