ryanc/kubernaut
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ensure that the application is not writable by kubernaut

Browse Source
This commit is contained in:
Ryan Cavicchioni
2025-04-30 16:40:58 -05:00
parent da9a06dc24
commit 2fd3c801de
2 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
dockerfiles/alpine.Dockerfile
View File

@@ -30,6 +30,8 @@ RUN <<EOT
rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git
EOT EOT
COPY . .
FROM base FROM base
ENV PORT=4567 ENV PORT=4567
@@ -39,12 +41,10 @@ RUN <<EOT
adduser --system --uid 666 --ingroup kubernaut --shell /bin/bash --disabled-password kubernaut adduser --system --uid 666 --ingroup kubernaut --shell /bin/bash --disabled-password kubernaut
EOT EOT
USER kubernaut:kubernaut
COPY --from=build /usr/local/bundle /usr/local/bundle COPY --from=build /usr/local/bundle /usr/local/bundle
COPY --from=build --chown=kubernaut:kubernaut /kubernaut /kubernaut COPY --from=build /kubernaut /kubernaut
COPY --chown=kubernaut:kubernaut . . USER kubernaut:kubernaut
EXPOSE $PORT EXPOSE $PORT
ENTRYPOINT [ "/kubernaut/dockerfiles/entrypoint.sh" ] ENTRYPOINT [ "/kubernaut/dockerfiles/entrypoint.sh" ]

8
dockerfiles/bookworm.Dockerfile
View File

@@ -30,6 +30,8 @@ RUN <<EOT
rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git
EOT EOT
COPY . .
FROM base FROM base
ENV PORT=4567 ENV PORT=4567
@@ -39,12 +41,10 @@ RUN <<EOT
useradd --system --uid 666 --gid kubernaut --create-home --shell /bin/bash kubernaut useradd --system --uid 666 --gid kubernaut --create-home --shell /bin/bash kubernaut
EOT EOT
USER kubernaut:kubernaut
COPY --from=build /usr/local/bundle /usr/local/bundle COPY --from=build /usr/local/bundle /usr/local/bundle
COPY --from=build --chown=kubernaut:kubernaut /kubernaut /kubernaut COPY --from=build /kubernaut /kubernaut
COPY --chown=kubernaut:kubernaut . . USER kubernaut:kubernaut
EXPOSE $PORT EXPOSE $PORT
ENTRYPOINT [ "/kubernaut/dockerfiles/entrypoint.sh" ] ENTRYPOINT [ "/kubernaut/dockerfiles/entrypoint.sh" ]