Container security optimizations: arbitrary UID #514

Closed
2 tasks
jennydaman opened this issue May 30, 2023 · 0 comments · Fixed by #525


@jennydaman

Container security best practice is to allow the container to run as an arbitrary (underprivileged) user. On some OpenShift deployments, it is obligatory to run containers this way.

We need to figure out how to run CUBE as an underprivileged user, which will require us to change its Dockerfile. We can also consider using Red Hat UBI, see #492

ARG UID=1001

This will affect how manage.py collectstatic works, which should probably be part of the build step.

python manage.py collectstatic --noinput

  • support arbitrary container UID
  • do manage.py collectstatic during container build
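
An added sketch of the arbitrary-UID pattern discussed in this issue, not the project's Dockerfile and not the change merged in #525. The base image, `/app`, `requirements.txt`, and the writable directory `/var/lib/app` are hypothetical names; the sketch also assumes Django settings can be imported at build time without runtime secrets.

```dockerfile
# Added example: hypothetical paths and base image, see the lead-in.
FROM docker.io/library/python:3.11-slim

# Default non-root UID; OpenShift may override it with an arbitrary UID at run time.
ARG UID=1001

WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY . .

# Collect static files during the build, while root can still write to the image.
# The running container then never needs write access to STATIC_ROOT.
# Assumes settings import cleanly here (no database or secret lookups at import).
RUN python manage.py collectstatic --noinput

# Application code stays owned by root and is only read through the "other"
# permission bits, so the runtime user cannot modify it.
# Directories that must be writable at run time are handed to group 0 with
# group permissions copied from the owner: an arbitrary OpenShift UID is always
# a member of group 0, so this works without knowing the UID in advance.
# /var/lib/app is a hypothetical writable data directory.
RUN mkdir -p /var/lib/app \
 && chgrp -R 0 /var/lib/app \
 && chmod -R g=u /var/lib/app

# The arbitrary UID has no /etc/passwd entry, so give tools that expect $HOME
# a location the runtime user can write to.
ENV HOME=/tmp

# Numeric UID (not a user name) so that runAsNonRoot checks can verify it.
USER ${UID}:0

# CMD / ENTRYPOINT: unchanged from the existing image (omitted in this sketch).

# To check the image locally under a UID it has never seen (constructed value):
#   docker run --rm --user 123456:0 <image> id
```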