Skip to content

Commit f5218bf

Browse files
SilvengaSilvenga
committed
Migrated to numerical RunAs user.
1 parent 20efca4 commit f5218bf

File tree

2 files changed

+9
-13
lines changed

2 files changed

+9
-13
lines changed

Dockerfile

Lines changed: 9 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -9,9 +9,10 @@ RUN set -xe \
99
&& apt-get install -y --no-install-recommends curl jq \
1010
&& apt-get clean && rm -rf /var/lib/apt/lists/*
1111

12-
WORKDIR /app
13-
1412
FROM mcr.microsoft.com/dotnet/sdk:6.0.405 AS build
13+
WORKDIR /source
14+
15+
# Restore
1516
COPY src/Contrast.K8s.AgentOperator/Contrast.K8s.AgentOperator.csproj /source/src/Contrast.K8s.AgentOperator/
1617
COPY tests/Contrast.K8s.AgentOperator.Tests/Contrast.K8s.AgentOperator.Tests.csproj /source/tests/Contrast.K8s.AgentOperator.Tests/
1718
COPY tests/Contrast.K8s.AgentOperator.FunctionalTests/Contrast.K8s.AgentOperator.FunctionalTests.csproj /source/tests/Contrast.K8s.AgentOperator.FunctionalTests/
@@ -22,35 +23,32 @@ COPY vendor/dotnet-operator-sdk/config/Common.targets /source/vendor/dotnet-oper
2223

2324
COPY vendor/dotnet-kubernetes-client/src/DotnetKubernetesClient/DotnetKubernetesClient.csproj /source/vendor/dotnet-kubernetes-client/src/DotnetKubernetesClient/
2425

25-
WORKDIR /source
2626
RUN dotnet restore
2727

28+
# Build
2829
COPY . /source/
2930
ARG BUILD_VERSION=0.0.1 \
3031
IS_PUBLIC_BUILD=False
3132

3233
RUN set -xe \
33-
&& dotnet test -c Release -p:Version=${BUILD_VERSION} --filter Type=Unit \
34+
&& dotnet test -c Release -p:Version=${BUILD_VERSION} -p:IsPublicBuild=${IS_PUBLIC_BUILD} --filter Type=Unit \
3435
&& dotnet publish -c Release -o /app -p:Version=${BUILD_VERSION} -p:IsPublicBuild=${IS_PUBLIC_BUILD}
3536

3637
FROM base AS final
38+
WORKDIR /app
3739

3840
RUN set -xe \
39-
&& addgroup operator-group \
40-
&& useradd -G operator-group operator-user
41+
&& addgroup --gid 1000 operator-group \
42+
&& useradd -G operator-group --uid 1000 operator-user
4143

42-
WORKDIR /app
4344
COPY src/get-info.sh /get-info.sh
4445
COPY --from=build /app .
4546

4647
RUN set -xe \
4748
&& chown operator-user:operator-group -R . \
4849
&& chmod +x /get-info.sh
4950

50-
USER operator-user
51-
52-
ARG BUILD_VERSION=0.0.1 \
53-
IS_PUBLIC_BUILD=False
51+
USER 1000
5452

5553
ENV ASPNETCORE_URLS=https://+:5001 \
5654
ASPNETCORE_ENVIRONMENT=Production \

manifests/install/all/operator/base/deployment.yaml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -54,8 +54,6 @@ spec:
5454
imagePullPolicy: Always
5555
securityContext:
5656
allowPrivilegeEscalation: false
57-
runAsUser: 1000
58-
runAsGroup: 1000
5957
runAsNonRoot: true
6058
capabilities:
6159
drop:

0 commit comments

Comments
 (0)