Skip to content
This repository has been archived by the owner on Dec 17, 2021. It is now read-only.

Commit

Permalink
Merge pull request #186 from splunk/feat-nonroot
Browse files Browse the repository at this point in the history
feat: Container as non root user
  • Loading branch information
Ryan Faircloth authored Nov 3, 2021
2 parents f890582 + 89246a9 commit ddb847d
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 1 deletion.
4 changes: 4 additions & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -14,9 +14,12 @@
# limitations under the License.
#
FROM registry.access.redhat.com/ubi8/ubi
RUN groupadd -g 1001 celery \
&& useradd -m -u 1001 -g celery celery

RUN curl -fsSL https://goss.rocks/install | GOSS_VER=v0.3.13 sh
ARG PYTHON_RUNTIME_VERSION=3.8

RUN cd /tmp ;\
dnf install tzdata curl wget nc python${PYTHON_RUNTIME_VERSION} python3-pip procps-ng -y ;\
dnf update -y ;\
Expand All @@ -27,4 +30,5 @@ COPY dist/*.whl /tmp
RUN pip${PYTHON_RUNTIME_VERSION} install $(ls /tmp/*.whl); rm -f /tmp/*.whl

WORKDIR /work
USER 1001
ENTRYPOINT [ "/work/entrypoint.sh" ]
2 changes: 1 addition & 1 deletion entrypoint.sh
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ then
sc4snmp-poller $@ &
else
echo starting sc4-snmp-worker
celery -A splunk_connect_for_snmp_poller.manager.celery_client worker -l INFO -n worker1
celery -A splunk_connect_for_snmp_poller.manager.celery_client worker -l INFO -n worker1 || exit 1
fi

pid="$!"
Expand Down

0 comments on commit ddb847d

Please sign in to comment.