diff --git a/play-with-sld/kubernetes/k8s/sld-api-backend.yml b/play-with-sld/kubernetes/k8s/sld-api-backend.yml index 0724d1a7..b979063c 100644 --- a/play-with-sld/kubernetes/k8s/sld-api-backend.yml +++ b/play-with-sld/kubernetes/k8s/sld-api-backend.yml @@ -19,7 +19,7 @@ spec: - name: api-backend image: d10s0vsky/sld-api:latest imagePullPolicy: Always - command: ["python3", "-m", "uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000", "--workers", "1"] + command: ["python", "-m", "uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000", "--workers", "1"] ports: - containerPort: 8000 livenessProbe: diff --git a/sld-api-backend/Dockerfile b/sld-api-backend/Dockerfile index 40173997..2bc93ea0 100644 --- a/sld-api-backend/Dockerfile +++ b/sld-api-backend/Dockerfile @@ -6,40 +6,43 @@ ENV LC_ALL=C.UTF-8 ENV LANG=C.UTF-8 ENV TZ=Europe/Madrid -# Set up working directory -WORKDIR /app -ADD ./requirements.txt /app/requirements.txt - -# Create a user and group -RUN groupadd --gid 10000 sld && \ - useradd --uid 10000 --gid sld --shell /bin/bash --create-home sld - # Set timezone -RUN echo $TZ > /etc/timezone && ln -snf /usr/share/zoneinfo/$TZ /etc/localtime +RUN echo $TZ > /etc/timezone && ln -snf /usr/share/zoneinfo/$TZ /etc/localtime # Install dependencies including build tools RUN export DEBIAN_FRONTEND=noninteractive && \ apt-get update && \ apt-get -yq install curl git zip tzdata build-essential libssl-dev libffi-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev pkg-config libmysqlclient-dev +# Create a user and group +RUN groupadd --gid 10000 sld && \ + useradd --uid 10000 --gid sld --shell /bin/bash --create-home sld -# Install asdf, Python plugin, and Python version -RUN git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch v0.10.0 && \ - echo '. $HOME/.asdf/asdf.sh' >> ~/.bashrc && \ - echo '. $HOME/.asdf/completions/asdf.bash' >> ~/.bashrc +# Set up working directory +WORKDIR /app + +# Change to user 'sld' +USER sld -SHELL ["/bin/bash", "-c"] +# Install asdf under user 'sld' +RUN git clone https://github.com/asdf-vm/asdf.git /home/sld/.asdf --branch v0.10.0 && \ + echo '. /home/sld/.asdf/asdf.sh' >> /home/sld/.bashrc && \ + echo '. /home/sld/.asdf/completions/asdf.bash' >> /home/sld/.bashrc -RUN . $HOME/.asdf/asdf.sh && \ +# Install Python using asdf +SHELL ["/bin/bash", "-l", "-c"] +RUN . /home/sld/.asdf/asdf.sh && \ asdf plugin add python && \ asdf install python 3.11.6 && \ asdf global python 3.11.6 +# Switch back to root to perform privileged operations +USER root -# Install Python packages -RUN . $HOME/.asdf/asdf.sh && \ - python -m pip install --upgrade pip setuptools && \ - python -m pip install --no-cache-dir -r requirements.txt +# Add the requirements file and install Python packages +ADD ./requirements.txt /app/requirements.txt +RUN chown sld:sld /app/requirements.txt && \ + su - sld -c ". /home/sld/.asdf/asdf.sh && python -m pip install --upgrade pip setuptools && python -m pip install --no-cache-dir -r /app/requirements.txt" # Clean up RUN apt-get clean autoclean && \ @@ -48,7 +51,7 @@ RUN apt-get clean autoclean && \ # Add the rest of the application ADD . /app/ -RUN chown -R sld /app +RUN chown -R sld:sld /app -# Switch to user -USER sld \ No newline at end of file +# Switch to user 'sld' for runtime +USER sld diff --git a/sld-dashboard/Dockerfile b/sld-dashboard/Dockerfile index 8eecf14d..b907981a 100644 --- a/sld-dashboard/Dockerfile +++ b/sld-dashboard/Dockerfile @@ -6,40 +6,43 @@ ENV LC_ALL=C.UTF-8 ENV LANG=C.UTF-8 ENV TZ=Europe/Madrid -# Set up working directory -WORKDIR /app -ADD ./requirements.txt /app/requirements.txt - -# Create a user and group -RUN groupadd --gid 10000 sld && \ - useradd --uid 10000 --gid sld --shell /bin/bash --create-home sld - # Set timezone -RUN echo $TZ > /etc/timezone && ln -snf /usr/share/zoneinfo/$TZ /etc/localtime +RUN echo $TZ > /etc/timezone && ln -snf /usr/share/zoneinfo/$TZ /etc/localtime # Install dependencies including build tools RUN export DEBIAN_FRONTEND=noninteractive && \ apt-get update && \ apt-get -yq install curl git zip tzdata build-essential libssl-dev libffi-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev pkg-config libmysqlclient-dev +# Create a user and group +RUN groupadd --gid 10000 sld && \ + useradd --uid 10000 --gid sld --shell /bin/bash --create-home sld -# Install asdf, Python plugin, and Python version -RUN git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch v0.10.0 && \ - echo '. $HOME/.asdf/asdf.sh' >> ~/.bashrc && \ - echo '. $HOME/.asdf/completions/asdf.bash' >> ~/.bashrc +# Set up working directory +WORKDIR /app + +# Change to user 'sld' +USER sld -SHELL ["/bin/bash", "-c"] +# Install asdf under user 'sld' +RUN git clone https://github.com/asdf-vm/asdf.git /home/sld/.asdf --branch v0.10.0 && \ + echo '. /home/sld/.asdf/asdf.sh' >> /home/sld/.bashrc && \ + echo '. /home/sld/.asdf/completions/asdf.bash' >> /home/sld/.bashrc -RUN . $HOME/.asdf/asdf.sh && \ +# Install Python using asdf +SHELL ["/bin/bash", "-l", "-c"] +RUN . /home/sld/.asdf/asdf.sh && \ asdf plugin add python && \ asdf install python 3.11.6 && \ asdf global python 3.11.6 +# Switch back to root to perform privileged operations +USER root -# Install Python packages -RUN . $HOME/.asdf/asdf.sh && \ - python -m pip install --upgrade pip setuptools && \ - python -m pip install --no-cache-dir -r requirements.txt +# Add the requirements file and install Python packages +ADD ./requirements.txt /app/requirements.txt +RUN chown sld:sld /app/requirements.txt && \ + su - sld -c ". /home/sld/.asdf/asdf.sh && python -m pip install --upgrade pip setuptools && python -m pip install --no-cache-dir -r /app/requirements.txt" # Clean up RUN apt-get clean autoclean && \ @@ -48,7 +51,10 @@ RUN apt-get clean autoclean && \ # Add the rest of the application ADD . /app/ -RUN chown -R sld /app +RUN chown -R sld:sld /app -# Switch to user +# Switch to user 'sld' for runtime USER sld + + + diff --git a/sld-remote-state/Dockerfile b/sld-remote-state/Dockerfile index 2ff089a4..2bc93ea0 100644 --- a/sld-remote-state/Dockerfile +++ b/sld-remote-state/Dockerfile @@ -6,39 +6,43 @@ ENV LC_ALL=C.UTF-8 ENV LANG=C.UTF-8 ENV TZ=Europe/Madrid -# Set up working directory -WORKDIR /app -ADD ./requirements.txt /app/requirements.txt - -# Create a user and group -RUN groupadd --gid 10000 sld && \ - useradd --uid 10000 --gid sld --shell /bin/bash --create-home sld - # Set timezone -RUN echo $TZ > /etc/timezone && ln -snf /usr/share/zoneinfo/$TZ /etc/localtime +RUN echo $TZ > /etc/timezone && ln -snf /usr/share/zoneinfo/$TZ /etc/localtime # Install dependencies including build tools RUN export DEBIAN_FRONTEND=noninteractive && \ apt-get update && \ - apt-get -yq install curl git zip tzdata build-essential libssl-dev libffi-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev + apt-get -yq install curl git zip tzdata build-essential libssl-dev libffi-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev pkg-config libmysqlclient-dev -# Install asdf, Python plugin, and Python version -RUN git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch v0.10.0 && \ - echo '. $HOME/.asdf/asdf.sh' >> ~/.bashrc && \ - echo '. $HOME/.asdf/completions/asdf.bash' >> ~/.bashrc +# Create a user and group +RUN groupadd --gid 10000 sld && \ + useradd --uid 10000 --gid sld --shell /bin/bash --create-home sld + +# Set up working directory +WORKDIR /app + +# Change to user 'sld' +USER sld -SHELL ["/bin/bash", "-c"] +# Install asdf under user 'sld' +RUN git clone https://github.com/asdf-vm/asdf.git /home/sld/.asdf --branch v0.10.0 && \ + echo '. /home/sld/.asdf/asdf.sh' >> /home/sld/.bashrc && \ + echo '. /home/sld/.asdf/completions/asdf.bash' >> /home/sld/.bashrc -RUN . $HOME/.asdf/asdf.sh && \ +# Install Python using asdf +SHELL ["/bin/bash", "-l", "-c"] +RUN . /home/sld/.asdf/asdf.sh && \ asdf plugin add python && \ asdf install python 3.11.6 && \ asdf global python 3.11.6 +# Switch back to root to perform privileged operations +USER root -# Install Python packages -RUN . $HOME/.asdf/asdf.sh && \ - python -m pip install --upgrade pip setuptools && \ - python -m pip install --no-cache-dir -r requirements.txt +# Add the requirements file and install Python packages +ADD ./requirements.txt /app/requirements.txt +RUN chown sld:sld /app/requirements.txt && \ + su - sld -c ". /home/sld/.asdf/asdf.sh && python -m pip install --upgrade pip setuptools && python -m pip install --no-cache-dir -r /app/requirements.txt" # Clean up RUN apt-get clean autoclean && \ @@ -47,7 +51,7 @@ RUN apt-get clean autoclean && \ # Add the rest of the application ADD . /app/ -RUN chown -R sld /app +RUN chown -R sld:sld /app -# Switch to user +# Switch to user 'sld' for runtime USER sld