Merge pull request #46 from eifrach/change_to_pip

Change to Centos with non-Root user

Author: eifrach

Containerfile

@@ -1,20 +1,34 @@
-FROM ghcr.io/astral-sh/uv:alpine
+FROM quay.io/centos/centos:stream9
 
 # Set default MCP transport if not provided
 ENV MCP_TRANSPORT=stdio
 
-# Install Python 3.11 and required build dependencies
-RUN apk add --no-cache python3 python3-dev py3-pip build-base
+# Install Python 3.11, pip, and build dependencies
+RUN dnf -y install --setopt=install_weak_deps=False --setopt=tsflags=nodocs \
+    python3.12 python3.12-devel python3.12-pip gcc make git && \
+    dnf clean all
+
+# Install uv (universal virtualenv/dependency manager)
+RUN pip3.12 install --no-cache-dir  --upgrade pip && \
+    pip3.12 install --no-cache-dir uv
+
+# Copy project files to working directory
+WORKDIR /app
+
+# Set ownership to the user we created. Group 0 (root) is important for OpenShift compatibility.
+RUN chown 1001:0 /app
+
+# Switch to the non-root user *before* copying files and installing dependencies
+USER 1001
 
-# Copy project files to user's home directory (no permission issues)
 COPY pyproject.toml ./
 COPY .python-version ./
 COPY uv.lock ./
 COPY README.md ./
 # Copy application files (needed for editable install)
 COPY ./src/ ./
 
-# Install dependencies - no permission changes needed
+# Install dependencies
 RUN uv sync --no-cache --locked
 
 # Environment variables (set these when running the container)
@@ -27,4 +41,4 @@ RUN uv sync --no-cache --locked
 # Expose metrics port
 EXPOSE 8000
 
-CMD ["uv", "run","--no-cache", "python", "mcp_server.py"]
+CMD ["uv", "run", "--no-cache", "python", "mcp_server.py"]

openshift/template.yaml

@@ -85,9 +85,7 @@ objects:
         dnsPolicy: ClusterFirst
         restartPolicy: Always
         schedulerName: default-scheduler
-        securityContext:
-          runAsNonRoot: true
-          fsGroup: 0
+        securityContext: {}
         terminationGracePeriodSeconds: 30
 - apiVersion: v1
   kind: Service