From 8c9da9ddf56a218f6ac81981c40f16b042ef19ec Mon Sep 17 00:00:00 2001 From: adkumar1 Date: Tue, 9 May 2023 17:56:50 +0530 Subject: [PATCH 1/4] Fixes #41, Fixes #42 --- Dockerfile | 16 ++++++++++++---- README.md | 16 ++++++++++++++-- charts/SDFactory/Chart.yaml | 4 ++-- charts/SDFactory/values.yaml | 4 ++-- 4 files changed, 30 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index ddc373ec..0221845a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,6 +10,18 @@ RUN mkdir -p target/dependency && (cd target/dependency; jar -xf ../*.jar) FROM eclipse-temurin:17.0.6_10-jdk-alpine +ARG USERNAME=sdfuser +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + +# Create the user +RUN groupadd --gid $USER_GID $USERNAME \ + && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME + +USER $USERNAME + +WORKDIR /sdfactory + RUN apk update && apk upgrade ARG DEPENDENCY=/sdfactory/target/dependency @@ -18,10 +30,6 @@ COPY --from=build ${DEPENDENCY}/BOOT-INF/lib /app/lib COPY --from=build ${DEPENDENCY}/META-INF /app/META-INF COPY --from=build ${DEPENDENCY}/BOOT-INF/classes /app -RUN adduser -DH sdfuser && addgroup sdfuser sdfuser - -USER sdfuser - ENTRYPOINT ["java", "-cp", "app:app/lib/*", "org.eclipse.tractusx.selfdescriptionfactory.SelfDescriptionFactoryApplication"] EXPOSE 8080 diff --git a/README.md b/README.md index 3fbcbde4..3bc3d50c 100644 --- a/README.md +++ b/README.md @@ -13,8 +13,8 @@ further processing. ## Software Version ```shell -Software version: 2.0.6 -Helm Chart version: 2.0.6 +Software version: 2.0.7 +Helm Chart version: 2.0.7 ``` 
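Review bot: In the first Dockerfile hunk, `USER $USERNAME` is set before the unchanged `RUN apk update && apk upgrade`, so that step would run as the unprivileged user, although package operations need root. The account is also created with `groupadd`/`useradd`, which are not BusyBox applets on an Alpine base (they come from the `shadow` package, assuming the base image does not already ship it), so this stage likely fails to build. Patch 2/4 of this series reworks the block with `addgroup`/`adduser` placed after the package step; squashing the two would avoid an intermediate commit that cannot produce an image. The ordering rule is worth a comment in the final file, for example `# switch USER only after every step that needs root`.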
@@ -251,6 +251,18 @@ SD-Factory can be fired up locally in Docker environment. Before that the image to be created. Do not forget to provide necessary configuration parameters in `application.yml` for keycloak and the Custodian Wallet. +# Container images + +This application provides container images for demonstration purposes. The base image used, to build this demo application image is eclipse-temurin:17-jdk-alpine + +Docker Hub: + + - eclipse-temurin(https://hub.docker.com/_/eclipse-temurin) + - 17-jdk-alpine(https://hub.docker.com/layers/library/eclipse-temurin/17.0.6_10-jdk-alpine/images/sha256-c093675e143dc8023fb218c144e06491154491a7965d0664a93f99ada5259ec7?context=explore) +Source: + + - temurin-build(https://github.com/adoptium/temurin-build) + - temurin docker repo info(https://github.com/docker-library/repo-info/tree/master/repos/eclipse-temurin) ## Installation Steps diff --git a/charts/SDFactory/Chart.yaml b/charts/SDFactory/Chart.yaml index 1bc153d3..87185114 100644 --- a/charts/SDFactory/Chart.yaml +++ b/charts/SDFactory/Chart.yaml @@ -37,13 +37,13 @@ sources: # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 2.0.6 +version: 2.0.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "2.0.6" +appVersion: "2.0.7" diff --git a/charts/SDFactory/values.yaml b/charts/SDFactory/values.yaml index 6388e009..4f10fc72 100644 --- a/charts/SDFactory/values.yaml +++ b/charts/SDFactory/values.yaml 
@@ -32,7 +32,7 @@ image: # -- Set the Image Pull Policy pullPolicy: Always # -- Image tage is defined in chart appVersion. - tag: "" + tag: "2.0.7-TEST" imagePullSecrets: [] nameOverride: "" @@ -61,7 +61,7 @@ securityContext: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true - # runAsUser: 1000 + runAsUser: 1000 sdfactory: secret: From 2e1da0e78556d21f32535ca360710a8e8b12b93b Mon Sep 17 00:00:00 2001 From: adkumar1 Date: Tue, 9 May 2023 19:30:29 +0530 Subject: [PATCH 2/4] user id fix --- CHANGELOG.md | 9 +++++++++ Dockerfile | 31 +++++++++++++++++++------------ README.md | 1 + charts/SDFactory/values.yaml | 2 +- 4 files changed, 30 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 66fa30f4..74a30b27 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - Updated README.md - a figure for arc42 + +## [2.0.7] - 2023-05-09 + +### Added +- Added Container images section in the README.md file that contains information about the used base image + +### Changed +- Specified runAsUser for the deployment +- Specified USER command in Dockerfile using IDs instead of just name ## [2.0.6] - 2023-05-02 diff --git a/Dockerfile b/Dockerfile index 0221845a..17a94753 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,18 +10,6 @@ RUN mkdir -p target/dependency && (cd target/dependency; jar -xf ../*.jar) FROM eclipse-temurin:17.0.6_10-jdk-alpine -ARG USERNAME=sdfuser -ARG USER_UID=1000 -ARG USER_GID=$USER_UID - -# Create the user -RUN groupadd --gid $USER_GID $USERNAME \ - && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME - -USER $USERNAME - -WORKDIR /sdfactory - RUN apk update && apk upgrade ARG DEPENDENCY=/sdfactory/target/dependency 
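Review bot: In the `securityContext` hunk of charts/SDFactory/values.yaml, `runAsUser: 1000` is enabled while the `runAsNonRoot: true` line just above it stays commented out, so nothing in the chart prevents an override of `runAsUser` to 0 from starting the pod as root. Enabling `runAsNonRoot: true` alongside it makes the kubelet refuse to start the container as UID 0. The value 1000 also has to stay equal to the UID created in the Dockerfile. A comment such as `# -- UID the container runs as; must match the UID created in the Dockerfile` would record that coupling and fill the empty description this key gets in the chart README table in patch 3/4.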
@@ -30,6 +18,25 @@ COPY --from=build ${DEPENDENCY}/BOOT-INF/lib /app/lib COPY --from=build ${DEPENDENCY}/META-INF /app/META-INF COPY --from=build ${DEPENDENCY}/BOOT-INF/classes /app +ENV USER=sdfuser +ENV UID=1000 +ENV GID=1000 + +RUN addgroup --gid $GID $USER + +RUN adduser \ + --disabled-password \ + --gecos "" \ + --home "$(pwd)" \ + --ingroup "$USER" \ + --no-create-home \ + --uid "$UID" \ + "$USER" + +USER sdfuser + +WORKDIR /sdfactory + ENTRYPOINT ["java", "-cp", "app:app/lib/*", "org.eclipse.tractusx.selfdescriptionfactory.SelfDescriptionFactoryApplication"] EXPOSE 8080 diff --git a/README.md b/README.md index 3bc3d50c..6ffaab38 100644 --- a/README.md +++ b/README.md @@ -259,6 +259,7 @@ Docker Hub: - eclipse-temurin(https://hub.docker.com/_/eclipse-temurin) - 17-jdk-alpine(https://hub.docker.com/layers/library/eclipse-temurin/17.0.6_10-jdk-alpine/images/sha256-c093675e143dc8023fb218c144e06491154491a7965d0664a93f99ada5259ec7?context=explore) + Source: - temurin-build(https://github.com/adoptium/temurin-build) diff --git a/charts/SDFactory/values.yaml b/charts/SDFactory/values.yaml index 4f10fc72..326ce607 100644 --- a/charts/SDFactory/values.yaml +++ b/charts/SDFactory/values.yaml @@ -32,7 +32,7 @@ image: # -- Set the Image Pull Policy pullPolicy: Always # -- Image tage is defined in chart appVersion. - tag: "2.0.7-TEST" + tag: "" imagePullSecrets: [] nameOverride: "" From 350342ed50fb4243dfb85e566292206488f6a356 Mon Sep 17 00:00:00 2001 From: adkumar1 Date: Tue, 9 May 2023 19:31:43 +0530 Subject: [PATCH 3/4] user id fix --- charts/SDFactory/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/SDFactory/README.md b/charts/SDFactory/README.md index c3742afc..c00ca9b3 100644 --- a/charts/SDFactory/README.md +++ b/charts/SDFactory/README.md 
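Review bot: `USER sdfuser` at the end of the added Dockerfile block still selects the account by name, although the CHANGELOG entry in this same patch says the USER instruction now uses IDs. A runtime enforcing `runAsNonRoot` cannot verify a named image user on its own, so `USER 1000:1000` (or `USER $UID:$GID`) is what lines up with `runAsUser: 1000` in values.yaml. `USER`, `UID` and `GID` are needed only while building, so declaring them with `ARG` rather than `ENV` keeps them out of the container's runtime environment. `--home "$(pwd)"` is evaluated before any `WORKDIR` in this stage, so the home directory is presumably `/`; an explicit path would make the intent clear.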
@@ -1,6 +1,6 @@ # sdfactory -![Version: 2.0.6](https://img.shields.io/badge/Version-2.0.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.6](https://img.shields.io/badge/AppVersion-2.0.6-informational?style=flat-square) +![Version: 2.0.7](https://img.shields.io/badge/Version-2.0.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.7](https://img.shields.io/badge/AppVersion-2.0.7-informational?style=flat-square) Helm Charts for SD Factory application. Self-Description Factory component is responsible for the creation of Self Descriptions. @@ -49,6 +49,7 @@ Helm Charts for SD Factory application. Self-Description Factory component is re | sdfactory.secret.realm | string | `""` | Keycloak Realm detail | | sdfactory.secret.resource | string | `""` | Keycloak Resource detail | | securityContext.allowPrivilegeEscalation | bool | `false` | Controls whether a process can gain more privileges | +| securityContext.runAsUser | int | `1000` | | | service.port | int | `80` | Port details for sevice | | service.targetPort | int | `8080` | Container Port details for sevice | | service.type | string | `"ClusterIP"` | Type of service | From 47e715004de40f88d94904b806b72b01d1a40780 Mon Sep 17 00:00:00 2001 From: adkumar1 Date: Tue, 9 May 2023 20:42:08 +0530 Subject: [PATCH 4/4] workdir --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 17a94753..6196136d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -35,7 +35,7 @@ RUN adduser \ USER sdfuser -WORKDIR /sdfactory +WORKDIR / ENTRYPOINT ["java", "-cp", "app:app/lib/*", "org.eclipse.tractusx.selfdescriptionfactory.SelfDescriptionFactoryApplication"]
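Review bot: `WORKDIR /` in the last Dockerfile hunk makes the unchanged `ENTRYPOINT` work only because its classpath `app:app/lib/*` is relative and the build output was copied to `/app`. Any later change of working directory breaks startup again, as the `/sdfactory` value from patch 2/4 presumably did. An absolute classpath removes that coupling: `ENTRYPOINT ["java", "-cp", "/app:/app/lib/*", "org.eclipse.tractusx.selfdescriptionfactory.SelfDescriptionFactoryApplication"]`. With that in place, `WORKDIR /app` is a more conventional working directory for the unprivileged user than the filesystem root.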