From acb5cb6ae983eca5bf5cd5ada79be4a7a43d2f37 Mon Sep 17 00:00:00 2001 From: Subbarao Meduri Date: Wed, 15 May 2024 16:30:49 -0400 Subject: [PATCH] relocate kubeconfig to /workspace for non-root user access Signed-off-by: Subbarao Meduri --- tests/Containerfile.operator | 8 ++++++-- tests/Dockerfile | 8 ++++++-- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/tests/Containerfile.operator b/tests/Containerfile.operator index 70b47f4e0..451994ee0 100644 --- a/tests/Containerfile.operator +++ b/tests/Containerfile.operator @@ -14,12 +14,16 @@ RUN go install github.com/onsi/ginkgo/ginkgo@v1.14.2 && go mod vendor && ginkgo # create new docker image to hold built artifacts FROM registry.access.redhat.com/ubi8/ubi-minimal:latest +# pre-create directories and set permissions +RUN mkdir -p /resources /results && \ + chown -R 1001:1001 /resources /results + # run as non-root USER 1001:1001 # expose env vars for runtime -ENV KUBECONFIG "/opt/.kube/config" -ENV IMPORT_KUBECONFIG "/opt/.kube/import-kubeconfig" +ENV KUBECONFIG "/workspace/.kube/config" +ENV IMPORT_KUBECONFIG "/workspace/.kube/import-kubeconfig" ENV OPTIONS "/resources/options.yaml" ENV REPORT_FILE "/results/results.xml" ENV GINKGO_DEFAULT_FLAGS "-slowSpecThreshold=120 -timeout 7200s" diff --git a/tests/Dockerfile b/tests/Dockerfile index b1fe66e9a..21845fc39 100644 --- a/tests/Dockerfile +++ b/tests/Dockerfile @@ -11,12 +11,16 @@ RUN go install github.com/onsi/ginkgo/ginkgo@v1.14.2 && go mod vendor && ginkgo # create new docker image to hold built artifacts FROM registry.access.redhat.com/ubi8/ubi-minimal:latest +# pre-create directories and set permissions +RUN mkdir -p /resources /results && \ + chown -R 1001:1001 /resources /results + # run as non-root USER 1001:1001 # expose env vars for runtime -ENV KUBECONFIG "/opt/.kube/config" -ENV IMPORT_KUBECONFIG "/opt/.kube/import-kubeconfig" +ENV KUBECONFIG "/workspace/.kube/config" +ENV IMPORT_KUBECONFIG "/workspace/.kube/import-kubeconfig" ENV OPTIONS "/resources/options.yaml" ENV REPORT_FILE "/results/results.xml" ENV GINKGO_DEFAULT_FLAGS "-slowSpecThreshold=120 -timeout 7200s"