COPY --from=INSTALL /usr/bin/osm* /usr/bin/
COPY --from=INSTALL /minizinc /minizinc
-RUN mkdir /entry_data \
- && mkdir /entry_data/mzn-lib \
- && ln -s /entry_data/mzn-lib /minizinc/share/minizinc/exec
+RUN mkdir /entry_data && \
+ mkdir /placement && \
+ mkdir /entry_data/mzn-lib && \
+ ln -s /entry_data/mzn-lib /minizinc/share/minizinc/exec
-COPY scripts/ scripts/
-RUN mkdir /placement
+COPY scripts/ /app/osm_pla/scripts/
+
+# Creating the user for the app
+RUN groupadd -g 1000 appuser && \
+ useradd -u 1000 -g 1000 -d /app appuser && \
+ mkdir -p /app/osm_pla && \
+ chown -R appuser:appuser /app && \
+ chown -R appuser:appuser /entry_data && \
+ chown -R appuser:appuser /minizinc && \
+ chown -R appuser:appuser /placement
+
+WORKDIR /app/osm_pla
+
+# Changing the security context
+USER appuser
ENV OSMPLA_MESSAGE_DRIVER kafka
ENV OSMPLA_MESSAGE_HOST kafka
#HEALTHCHECK --start-period=120s --interval=10s --timeout=5s --retries=5 \
# CMD osm-pla-healthcheck || exit 1
-CMD /bin/bash scripts/start.sh
+CMD [ "/bin/bash", "scripts/start.sh" ]
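Review bot: The recursive `chown` in the new `RUN groupadd …` step hands `/app` and `/minizinc` to `appuser`, so the unprivileged process can rewrite `scripts/start.sh` and the solver binaries it later executes, which gives up much of what dropping root is meant to buy. Unless the service writes into those trees at runtime (not visible in this hunk), leave them root-owned and chown only the data directories: `chown -R appuser:appuser /entry_data /placement`. Writes through the `/minizinc/share/minizinc/exec` symlink land in `/entry_data/mzn-lib`, so that single chown should already cover them. A recursive chown in its own layer also stores a second copy of everything under `/minizinc`. The stage's `FROM` line is outside the hunk, so whether the base image provides `groupadd`/`useradd` cannot be confirmed from here.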
labels:
app: pla
spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
initContainers:
- name: kafka-mongo-test
image: alpine:latest
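Review bot: The pod-level `securityContext` added under `spec:` also applies to the `kafka-mongo-test` init container, so that `alpine:latest` step now runs as UID 1000 too; its command is outside the hunk, so confirm it performs no root-only operation. Adding `runAsNonRoot: true` next to `runAsUser: 1000` would make the kubelet refuse to start any container in the pod whose effective UID ends up as 0, instead of relying on the numeric value alone. The value 1000 has to stay in step with `groupadd -g 1000` / `useradd -u 1000` in the image, which deserves a comment such as `# must match the appuser UID/GID created in the image's Dockerfile`.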
value: kafka
- name: OSMPLA_DATABASE_URI
value: mongodb://mongodb-k8s:27017/?replicaSet=rs0
- volumeMounts:
- - name: osm-packages
- mountPath: /app/storage
- volumes:
- - name: osm-packages
- hostPath:
- path: /var/lib/osm/osm_osm_packages/_data