Fix bug 1702 Adding non-root user to run NG-UI

author preethika.p <preethika.p@tataelxsi.co.in>

Tue, 22 Feb 2022 04:10:41 +0000 (04:10 +0000)

committer beierlm <mark.beierl@canonical.com>

Tue, 22 Feb 2022 20:03:09 +0000 (21:03 +0100)
author preethika.p <preethika.p@tataelxsi.co.in>
Tue, 22 Feb 2022 04:10:41 +0000 (04:10 +0000)
committer beierlm <mark.beierl@canonical.com>
Tue, 22 Feb 2022 20:03:09 +0000 (21:03 +0100)
diff --git a/docker/NG-UI/Dockerfile b/docker/NG-UI/Dockerfile

index c4d67df..6e9e79d 100644 (file)
--- a/docker/NG-UI/Dockerfile
+++ b/docker/NG-UI/Dockerfile
@@ -65,6 +65,14 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get --yes update && \
  # Removing the Nginx default page.
  RUN rm -rf /usr/share/nginx/html/*
  
+# Creating the user for the app
+RUN groupadd -g 1000 appuser && \
+    useradd -u 1000 -g 1000 -d /usr appuser && \
+    chown -R appuser:appuser /usr /var/lib/nginx /var/log/nginx /etc/nginx /run
+
+# Changing the security context
+USER appuser
+
  # Copying Nginx configuration
  COPY --from=INSTALL /usr/share/osm-ngui/nginx/nginx.conf /etc/nginx/sites-available/default
  
diff --git a/installers/docker/osm_pods/ng-ui.yaml b/installers/docker/osm_pods/ng-ui.yaml

index f5b1658..3ce1e3b 100644 (file)
--- a/installers/docker/osm_pods/ng-ui.yaml
+++ b/installers/docker/osm_pods/ng-ui.yaml
@@ -44,6 +44,10 @@ spec:
        labels:
          app: ng-ui
      spec:
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
        containers:
        - name: ng-ui
          image: opensourcemano/ng-ui:11
author	preethika.p <preethika.p@tataelxsi.co.in>
	Tue, 22 Feb 2022 04:10:41 +0000 (04:10 +0000)
committer	beierlm <mark.beierl@canonical.com>
	Tue, 22 Feb 2022 20:03:09 +0000 (21:03 +0100)
docker/NG-UI/Dockerfile		patch \| blob \| history
installers/docker/osm_pods/ng-ui.yaml		patch \| blob \| history