&& mv linux-amd64/helm /usr/local/bin/helm3 \
&& rm -r linux-amd64/
-
ARG PYTHON3_OSM_COMMON_URL
ARG PYTHON3_OSM_LCM_URL
ARG PYTHON3_N2VC_URL
COPY --from=INSTALL /usr/lib/x86_64-linux-gnu/ /usr/lib/x86_64-linux-gnu/
COPY --from=INSTALL /lib/x86_64-linux-gnu/ /lib/x86_64-linux-gnu/
-COPY scripts/ scripts/
+COPY scripts/ /app/osm_lcm/scripts/
-########################################################################
+# Creating the user for the app
+RUN groupadd -g 1000 appuser && \
+ useradd -u 1000 -g 1000 -d /app appuser && \
+ mkdir -p /app/osm_lcm && \
+ mkdir -p /app/storage/kafka && \
+ mkdir /app/log && \
+ chown -R appuser:appuser /app
-# Used for local storage
-VOLUME /app/storage
-# Used for logs
-VOLUME /app/log
+WORKDIR /app/osm_lcm
+
+# Changing the security context
+USER appuser
+
+########################################################################
# The following ENV can be added with "docker run -e xxx' to configure LCM
ENV OSMLCM_RO_HOST ro
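Review bot: The `chown -R appuser:appuser /app` at the end of the added RUN also covers `/app/osm_lcm/scripts/`, copied just above, so the unprivileged runtime user owns and can rewrite the start script that the image's CMD runs. Only the data directories created in this RUN look like they need to be writable, so consider narrowing that step to `chown -R appuser:appuser /app/storage /app/log` and leaving the scripts root-owned. If the home directory itself must be writable, which I can't tell from the hunk, add a non-recursive `chown appuser:appuser /app`. Separately, `USER 1000:1000` instead of `USER appuser` lets a runtime that enforces non-root verify the UID without resolving the name.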
HEALTHCHECK --start-period=120s --interval=30s --timeout=30s --retries=1 \
CMD python3 -m osm_lcm.lcm_hc || exit 1
-
# Run app.py when the container launches
CMD [ "/bin/bash", "scripts/start.sh" ]
-
labels:
app: lcm
spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
initContainers:
- name: kafka-ro-mongo-test
image: alpine:latest
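Review bot: The added pod `securityContext` pins the UID and GID but does not set `runAsNonRoot: true`, so nothing rejects a later edit or a container-level override that goes back to UID 0. Adding `runAsNonRoot: true` next to `runAsUser: 1000` makes the kubelet refuse to start a container as root. These pod-level values also apply to the `kafka-ro-mongo-test` init container on `alpine:latest`, so it is worth confirming that its commands still work as UID 1000. `fsGroup: 1000` only affects mounted volumes that support ownership management, and the volumes visible further down are removed by this commit, so it may have no effect unless other volumes exist outside the lines shown.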
value: mongodb://mongodb-k8s:27017/?replicaSet=rs0
envFrom:
- secretRef:
- name: lcm-secret
- volumeMounts:
- - name: osm-packages
- mountPath: /app/storage
- - name: prometheus-config
- mountPath: /etc/prometheus
- volumes:
- - name: osm-packages
- hostPath:
- path: /var/lib/osm/osm_osm_packages/_data
- - name: prometheus-config
- hostPath:
- path: /var/lib/osm/prometheus
+ name: lcm-secret