allow container to run as unprivileged user #103

Spirit-act · 2025-04-22T09:45:54Z

This merge request aims to allow the plugin-server to run as non-root. It also tries to reduce the image size and remove unnecessary dependencies.

This Container should no be able to run in a hardened Kubernetes cluster which enforced non-root containers.

Changes

Dockerfile

Use a multistage Build to separate build stage from final prod stage
exclude dev dependencies from final build
set some default env variables

Code

change export path of files to tmp folder. Every User can write to the tmp folder.

Disclaimer

This is not tested for development, but I assume, that development is not done within the container.

I'm also not very familiar with this codebase and therefor no application testing was done except for simple startups.

- change export path of files to tmp folder - restructure Dockerfile - build with non root user (as far as possible) - use multistage build for smaller images - exclude dev dependencies from prod build - set default env variables Signed-off-by: Spirit-act <[email protected]>

Signed-off-by: Spirit-act <[email protected]>

Spirit-act added 3 commits April 22, 2025 11:07

improve Dockerfile comments

0109bd1

Signed-off-by: Spirit-act <[email protected]>

add expose

e8c06ba

Signed-off-by: Spirit-act <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

allow container to run as unprivileged user #103

allow container to run as unprivileged user #103

Uh oh!

Spirit-act commented Apr 22, 2025

Uh oh!

Uh oh!

allow container to run as unprivileged user #103

Are you sure you want to change the base?

allow container to run as unprivileged user #103

Uh oh!

Conversation

Spirit-act commented Apr 22, 2025

Changes

Dockerfile

Code

Disclaimer

Uh oh!

Uh oh!