Run image as non-root (#116)
sathieu authored Jan 25, 2022
1 parent 3ab0e6c commit 7123797
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions onyxia-api/Dockerfile
@@ -3,10 +3,14 @@ RUN curl -o /tmp/kubectl -L https://storage.googleapis.com/kubernetes-release/re
RUN curl -o /tmp/helm -L https://get.helm.sh/helm-v3.7.2-linux-amd64.tar.gz
RUN tar -xvzf /tmp/helm -C /tmp

FROM openjdk:17
FROM eclipse-temurin:17-jre
COPY --from=build /tmp/kubectl /usr/local/bin/kubectl
RUN chmod +x /usr/local/bin/kubectl
COPY --from=build /tmp/linux-amd64/helm /usr/local/bin/helm
RUN chmod +x /usr/local/bin/helm
COPY target/*.jar app.jar
RUN chmod +x /usr/local/bin/kubectl && \
chmod +x /usr/local/bin/helm && \
groupadd --gid 101 --system onyxia && \
useradd --system --uid 101 --create-home --home-dir /var/cache/onyxia --shell /sbin/nologin --gid onyxia --comment onyxia onyxia
# Equivalent to 'USER onyxia', see: https://github.com/InseeFrLab/onyxia-api/pull/116
USER 101
ENTRYPOINT ["java","-jar","/app.jar"]
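Review bot: The new `FROM eclipse-temurin:17-jre` line uses a floating tag, and the hardening added below it depends on that base: `groupadd --gid 101` and `useradd --uid 101` only succeed while the base image leaves id 101 unassigned, and every rebuild picks up whatever the tag points to that day. Pinning the digest, `FROM eclipse-temurin:17-jre@sha256:<DIGEST_OF_REVIEWED_IMAGE>` (placeholder), keeps the non-root setup reproducible and makes a base-image change an explicit review step. Separately, the `kubectl` and `helm` binaries that this stage copies and marks executable come from the `curl -o … -L` downloads in the context lines, which show no `-f` flag and no checksum verification. The build stage starts above the hunk, so a check may exist there; if not, a `sha256sum -c` step against a recorded hash would be worth adding.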
