Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2025-01-21 23:21:26 +01:00
Code Issues Projects Releases Wiki Activity

Running job service with non-root container

Browse Source 
job-service running with 10000:10000 user

Signed-off-by: Qian Deng <dengq@vmware.com>
This commit is contained in:
Qian Deng 2019-07-23 09:50:24 +00:00
parent e62a9f1e18
commit 29727148b3
4 changed files with 18 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
make/photon/jobservice/Dockerfile
View File

@ -1,13 +1,17 @@
FROM photon:2.0
RUN mkdir /harbor/ \
&& tdnf install sudo -y >> /dev/null\
RUN tdnf install sudo -y >> /dev/null\
&& tdnf clean all \
&& groupadd -r -g 10000 harbor && useradd --no-log-init -r -g 10000 -u 10000 harbor
&& groupadd -r -g 10000 harbor && useradd --no-log-init -r -g 10000 -u 10000 harbor
COPY ./make/photon/jobservice/start.sh ./make/photon/jobservice/harbor_jobservice /harbor/
COPY ./make/photon/jobservice/harbor_jobservice /harbor/
RUN chmod u+x /harbor/harbor_jobservice
RUN chmod u+x /harbor/harbor_jobservice /harbor/start.sh
RUN mkdir -p /var/log/jobs
WORKDIR /harbor/
ENTRYPOINT ["/harbor/start.sh"]
USER harbor
VOLUME ["/var/log/jobs/"]
ENTRYPOINT ["/harbor/harbor_jobservice", "-c", "/etc/jobservice/config.yml"]

6
make/photon/jobservice/start.sh
View File

@ -1,6 +0,0 @@
#!/bin/sh
if [ -d /var/log/jobs ]; then
chown -R 10000:10000 /var/log/jobs/
fi
sudo -E -u \#10000 "/harbor/harbor_jobservice" "-c" "/etc/jobservice/config.yml"

3
make/photon/prepare/utils/jobservice.py
View File

@ -18,7 +18,8 @@ def prepare_job_service(config_dict):
# Job log is stored in data dir
job_log_dir = os.path.join('/data', "job_logs")
prepare_config_dir(job_log_dir)
file_path = prepare_config_dir(job_log_dir)
os.chown(file_path, DEFAULT_UID, DEFAULT_GID)
# Render Jobservice env
render_jinja(
job_service_env_template_path,

9
make/prepare
View File

@ -45,10 +45,11 @@ secret_dir=${data_path}/secret
config_dir=$harbor_prepare_path/common/config
# Run prepare script
docker run --rm -v $input_dir:/input:z \
-v $harbor_prepare_path:/compose_location:z \
-v $config_dir:/config:z \
-v $secret_dir:/secret:z \
docker run --rm -v $input_dir:/input \
-v $data_path:/data \
-v $harbor_prepare_path:/compose_location \
-v $config_dir:/config \
-v $secret_dir:/secret \
goharbor/prepare:dev $@
echo "Clean up the input dir"