Skip to content
Snippets Groups Projects
Commit f222abff authored by Remi PLANEL's avatar Remi PLANEL
Browse files

create worker user for backend

parent 2f581cab
No related branches found
No related tags found
1 merge request!14Draft: Resolve "Kube: create sidecar container to clean uploaded file"
Pipeline #125246 passed
Stage: delete-release
Stage: build
Stage: deploy
Hide whitespace changes
Inline Side-by-side
backend/Dockerfile
+ 8
4
View file @ f222abff
...@@ -14,15 +14,19 @@ RUN poetry export -f requirements.txt --output requirements.txt --without-hashes ...@@ -14,15 +14,19 @@ RUN poetry export -f requirements.txt --output requirements.txt --without-hashes
FROM python:3.11.4-slim-bookworm FROM python:3.11.4-slim-bookworm
RUN apt update -y && apt upgrade -y && apt install -y python3-dev libpq-dev RUN apt update -y && apt upgrade -y && apt install -y python3-dev libpq-dev cron
RUN useradd -ms /bin/bash worker
USER worker
WORKDIR /code WORKDIR /code
COPY --from=requirements-stage /tmp/requirements.txt /code/requirements.txt COPY --chown=worker:worker --from=requirements-stage /tmp/requirements.txt /code/requirements.txt
RUN pip install --no-cache-dir --upgrade -r /code/requirements.txt RUN pip install --user --no-cache-dir --upgrade -r /code/requirements.txt
COPY . ./ COPY --chown=worker:worker . ./
EXPOSE 8000 EXPOSE 8000
......
deploy/charts/djangoninja/values.yaml
+ 2
2
View file @ f222abff
...@@ -37,8 +37,8 @@ securityContext: ...@@ -37,8 +37,8 @@ securityContext:
# - ALL # - ALL
# readOnlyRootFilesystem: true # readOnlyRootFilesystem: true
runAsNonRoot: true runAsNonRoot: true
runAsUser: 1001 runAsUser: 1000
fsGroup: 1001 fsGroup: 1000
service: service:
type: ClusterIP type: ClusterIP
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment