
Resolve opencost-ui container running as root

CIS Kubernetes v1.23 advises in 5.2.7 to not run containers as root where not needed. Namespaces in K8S distros like RKE2 by default deny the ability to run as root. 

This fixes the container so it'll run as a non-root user by default.

Signed-off-by: David Jericho <davidj@diskpig.org>
David Jericho 2 years ago
parent
commit
690932033d
1 changed file with 8 additions and 1 deletion

+ 8 - 1
ui/Dockerfile.cross

@@ -1,10 +1,17 @@
 FROM nginx:alpine
+
 COPY ./dist /var/www
 COPY default.nginx.conf /etc/nginx/conf.d/
 COPY nginx.conf /etc/nginx/
+COPY ./docker-entrypoint.sh /usr/local/bin/
+
+RUN adduser 1001 -g 1000 -D
+RUN chown 1001:1000 -R /var/www
+RUN chown 1001:1000 -R /etc/nginx
 
 ENV BASE_URL=/model
 
-COPY ./docker-entrypoint.sh /usr/local/bin/
+USER 1001
+
 ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
 CMD ["nginx", "-g", "daemon off;"]
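
Review bot: In `RUN adduser 1001 -g 1000 -D`, the BusyBox adduser shipped in Alpine images treats `-g` as the GECOS (comment) field and the positional `1001` as the login name, so this line does not pin UID 1001 or GID 1000; the account gets whatever IDs adduser allocates. The following `chown 1001:1000` lines and `USER 1001` then depend on how that string is resolved rather than on a known numeric ID. Suggest creating the group first and passing the IDs explicitly, for example `addgroup -g 1000 app` followed by `adduser -D -H -u 1001 -G app app` (the name `app` is a placeholder), so that `USER 1001` refers to the UID that owns `/var/www` and `/etc/nginx`. Separately, the three `RUN` lines could be folded into one layer, or the chowns replaced with `COPY --chown=1001:1000` on the existing `COPY` lines.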