CR-3159 run rootless (#224)

roi-codefresh · web-flow · commit 7c9c9e4a4d61 · 2021-03-03T17:49:07.000+02:00
* rootless
diff --git a/venona/Dockerfile b/venona/Dockerfile
@@ -1,22 +1,40 @@
 FROM golang:1.14.4-alpine3.12 as build
 
-RUN apk -U add git make 
+RUN apk -U add --no-cache git make ca-certificates && update-ca-certificates
 
-WORKDIR /venona
+ENV USER=venona
+ENV UID=10001 
+
+RUN adduser \    
+    --disabled-password \    
+    --gecos "" \    
+    --home "/nonexistent" \    
+    --shell "/sbin/nologin" \    
+    --no-create-home \    
+    --uid "${UID}" \    
+    "${USER}"
 
-COPY go.mod .
-RUN go mod download
+WORKDIR /venona
 
 COPY . .
+RUN go mod download -x
+RUN go mod verify
 
+# compile
 RUN make build
 
 FROM alpine:3.12
 
-RUN apk update && apk add --no-cache ca-certificates && apk upgrade
+# copy ca-certs and user details
+COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=build /etc/passwd /etc/passwd
+COPY --from=build /etc/group /etc/group
 
+# copy binary
 COPY --from=build /venona/venona /usr/local/bin/venona
 
+USER venona:venona
+
 ENTRYPOINT [ "venona" ]
 
 CMD [ "start" ]
diff --git a/venona/VERSION b/venona/VERSION
@@ -1 +1 @@
-1.5.18
+1.6.0
diff --git a/venonactl/VERSION b/venonactl/VERSION
@@ -1 +1 @@
-1.5.18
+1.6.0
diff --git a/venonactl/pkg/templates/kubernetes/deployment.venona.yaml b/venonactl/pkg/templates/kubernetes/deployment.venona.yaml
@@ -88,4 +88,8 @@ spec:
         name: {{ .AppName }}
         resources:
 {{ toYaml .Runner.Resources | indent 10 }}
+      securityContext:
+        runAsUser: 10001
+        runAsGroup: 10001
+        fsGroup: 10001
       restartPolicy: Always
diff --git a/venonactl/pkg/templates/kubernetes/templates.go b/venonactl/pkg/templates/kubernetes/templates.go
