Skip to content

Commit 4d22c85

Browse files
pisarenko-bopisarenko-bo
committed
add non-root codefresh user to run app
1 parent bd94401 commit 4d22c85

File tree

2 files changed

+21
-20
lines changed

2 files changed

+21
-20
lines changed

Dockerfile

Lines changed: 20 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -2,26 +2,26 @@ FROM alpine:3.6 AS builder
22

33
RUN apk update && apk add curl
44

5-
RUN export ARCH=$([[ "$(uname -m)" == "aarch64" ]] && echo "arm64" || echo "amd64") && \
6-
curl -o kubectl1.22 -L https://storage.googleapis.com/kubernetes-release/release/v1.22.0/bin/linux/${ARCH}/kubectl && \
7-
curl -o kubectl1.21 -L https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/${ARCH}/kubectl && \
8-
curl -o kubectl1.20 -L https://storage.googleapis.com/kubernetes-release/release/v1.20.0/bin/linux/${ARCH}/kubectl && \
9-
curl -o kubectl1.19 -L https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/${ARCH}/kubectl && \
10-
curl -o kubectl1.18 -L https://storage.googleapis.com/kubernetes-release/release/v1.18.0/bin/linux/${ARCH}/kubectl && \
11-
curl -o kubectl1.17 -L https://storage.googleapis.com/kubernetes-release/release/v1.17.0/bin/linux/${ARCH}/kubectl && \
12-
curl -o kubectl1.16 -L https://storage.googleapis.com/kubernetes-release/release/v1.16.0/bin/linux/${ARCH}/kubectl && \
13-
curl -o kubectl1.15 -L https://storage.googleapis.com/kubernetes-release/release/v1.15.0/bin/linux/${ARCH}/kubectl && \
14-
curl -o kubectl1.14 -L https://storage.googleapis.com/kubernetes-release/release/v1.14.0/bin/linux/${ARCH}/kubectl && \
15-
curl -o kubectl1.13 -L https://storage.googleapis.com/kubernetes-release/release/v1.13.0/bin/linux/${ARCH}/kubectl && \
16-
curl -o kubectl1.12 -L https://storage.googleapis.com/kubernetes-release/release/v1.12.0/bin/linux/${ARCH}/kubectl && \
17-
curl -o kubectl1.11 -L https://storage.googleapis.com/kubernetes-release/release/v1.11.0/bin/linux/${ARCH}/kubectl && \
18-
curl -o kubectl1.10 -L https://storage.googleapis.com/kubernetes-release/release/v1.10.0/bin/linux/${ARCH}/kubectl && \
5+
RUN export ARCH=$([[ "$(uname -m)" == "aarch64" ]] && echo "arm64" || echo "amd64") && \
6+
curl -o kubectl1.22 -L https://storage.googleapis.com/kubernetes-release/release/v1.22.0/bin/linux/${ARCH}/kubectl && \
7+
curl -o kubectl1.21 -L https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/${ARCH}/kubectl && \
8+
curl -o kubectl1.20 -L https://storage.googleapis.com/kubernetes-release/release/v1.20.0/bin/linux/${ARCH}/kubectl && \
9+
curl -o kubectl1.19 -L https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/${ARCH}/kubectl && \
10+
curl -o kubectl1.18 -L https://storage.googleapis.com/kubernetes-release/release/v1.18.0/bin/linux/${ARCH}/kubectl && \
11+
curl -o kubectl1.17 -L https://storage.googleapis.com/kubernetes-release/release/v1.17.0/bin/linux/${ARCH}/kubectl && \
12+
curl -o kubectl1.16 -L https://storage.googleapis.com/kubernetes-release/release/v1.16.0/bin/linux/${ARCH}/kubectl && \
13+
curl -o kubectl1.15 -L https://storage.googleapis.com/kubernetes-release/release/v1.15.0/bin/linux/${ARCH}/kubectl && \
14+
curl -o kubectl1.14 -L https://storage.googleapis.com/kubernetes-release/release/v1.14.0/bin/linux/${ARCH}/kubectl && \
15+
curl -o kubectl1.13 -L https://storage.googleapis.com/kubernetes-release/release/v1.13.0/bin/linux/${ARCH}/kubectl && \
16+
curl -o kubectl1.12 -L https://storage.googleapis.com/kubernetes-release/release/v1.12.0/bin/linux/${ARCH}/kubectl && \
17+
curl -o kubectl1.11 -L https://storage.googleapis.com/kubernetes-release/release/v1.11.0/bin/linux/${ARCH}/kubectl && \
18+
curl -o kubectl1.10 -L https://storage.googleapis.com/kubernetes-release/release/v1.10.0/bin/linux/${ARCH}/kubectl && \
1919
curl -o kubectl1.6 -L https://storage.googleapis.com/kubernetes-release/release/v1.6.0/bin/linux/${ARCH}/kubectl
2020

2121

2222
FROM alpine:3.15.3
2323

24-
RUN apk add --update bash
24+
RUN apk --no-cache update && apk upgrade && apk add --update bash
2525

2626
#copy all versions of kubectl to switch between them later.
2727
COPY --from=builder kubectl1.22 /usr/local/bin/
@@ -52,15 +52,16 @@ RUN chmod +x /usr/local/bin/kubectl \
5252
/usr/local/bin/kubectl1.19 \
5353
/usr/local/bin/kubectl1.20 \
5454
/usr/local/bin/kubectl1.21 \
55-
/usr/local/bin/kubectl1.22
55+
/usr/local/bin/kubectl1.22
5656

5757
WORKDIR /
5858

5959
ADD cf-deploy-kubernetes.sh /cf-deploy-kubernetes
6060
ADD template.sh /template.sh
6161

62-
RUN \
63-
chmod +x /cf-deploy-kubernetes && \
64-
chmod +x /template.sh
62+
RUN adduser -D -h /home/cfu -s /bin/bash cfu \
63+
&& chgrp -R $(id -g cfu) /cf-deploy-kubernetes /usr/local/bin /template.sh \
64+
&& chmod -R g+rwX /cf-deploy-kubernetes /usr/local/bin /template.sh
65+
USER cfu
6566

6667
CMD ["bash"]

service.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
version: 16.1.8
1+
version: 16.1.9

0 commit comments

Comments
 (0)