Change the clair container to non root user
Signed-off-by: DQ <dengq@vmware.com>
parent
d0ed075b91
commit
a0462f0baa
|
@ -2,24 +2,25 @@ FROM photon:2.0
|
||||||
|
|
||||||
RUN tdnf install -y git shadow sudo rpm xz python-xml >>/dev/null\
|
RUN tdnf install -y git shadow sudo rpm xz python-xml >>/dev/null\
|
||||||
&& tdnf clean all \
|
&& tdnf clean all \
|
||||||
&& mkdir /clair/ \
|
|
||||||
&& mkdir /harbor \
|
|
||||||
&& groupadd -r -g 10000 clair \
|
&& groupadd -r -g 10000 clair \
|
||||||
&& useradd --no-log-init -m -r -g 10000 -u 10000 clair
|
&& useradd --no-log-init -m -g 10000 -u 10000 clair
|
||||||
COPY ./make/photon/clair/binary/clair /clair/
|
COPY ./make/photon/clair/binary/clair /home/clair/
|
||||||
COPY ./make/photon/clair/docker-entrypoint.sh /docker-entrypoint.sh
|
COPY ./make/photon/clair/docker-entrypoint.sh /home/clair/
|
||||||
COPY ./make/photon/clair/dumb-init /dumb-init
|
COPY ./make/photon/clair/dumb-init /home/clair/
|
||||||
COPY ./make/photon/common/install_cert.sh /harbor
|
COPY ./make/photon/common/install_cert.sh /home/clair/
|
||||||
|
|
||||||
VOLUME /config
|
VOLUME /config
|
||||||
|
|
||||||
EXPOSE 6060 6061
|
EXPOSE 6060 6061
|
||||||
|
|
||||||
RUN chown -R 10000:10000 /clair \
|
RUN chmod -R 777 /etc/pki/tls/certs \
|
||||||
&& chmod u+x /clair/clair \
|
&& chown -R clair:clair /home/clair \
|
||||||
&& chmod u+x /docker-entrypoint.sh \
|
&& chmod u+x /home/clair/clair \
|
||||||
&& chmod +x /dumb-init
|
&& chmod u+x /home/clair/docker-entrypoint.sh \
|
||||||
|
&& chmod +x /home/clair/dumb-init
|
||||||
|
|
||||||
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS 127.0.0.1:6061/health || exit 1
|
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS 127.0.0.1:6061/health || exit 1
|
||||||
|
|
||||||
ENTRYPOINT ["/docker-entrypoint.sh"]
|
WORKDIR /home/clair
|
||||||
|
USER clair
|
||||||
|
ENTRYPOINT ["./docker-entrypoint.sh"]
|
||||||
|
|
|
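Review bot: `chmod -R 777 /etc/pki/tls/certs`, in the final RUN on what reads as the new side, makes the certificate trust directory writable by every user in the image. That is wider than needed if the aim is only to let install_cert.sh write there after `USER clair` (what that script does is not visible here). Handing the directory to the service account is enough: `RUN chown -R clair:clair /etc/pki/tls/certs \`. The entrypoint on this page no longer calls sudo, so `sudo` can probably come out of the `tdnf install` line too, which removes a setuid binary from a container meant to run unprivileged. `USER 10000` instead of `USER clair` would let runtimes that require a numeric non-root UID verify it.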
@ -1,6 +1,7 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
/harbor/install_cert.sh
|
/home/clair/install_cert.sh
|
||||||
sudo -E -H -u \#10000 sh -c "/dumb-init -- /clair/clair -config /etc/clair/config.yaml $*"
|
/home/clair/dumb-init -- /home/clair/clair -config /etc/clair/config.yaml $*
|
||||||
|
|
||||||
set +e
|
set +e
|
||||||
|
|
|
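Review bot: The new launch line runs dumb-init as a child of bash and passes `$*` unquoted, so the shell stays PID 1 and any argument containing spaces is split again. `exec /home/clair/dumb-init -- /home/clair/clair -config /etc/clair/config.yaml "$@"` makes dumb-init PID 1, so the container's stop signal is forwarded to clair, and it keeps the arguments intact. With `exec` the trailing `set +e` is never reached and can be dropped.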
@ -6,6 +6,7 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- /data/registry:/storage
|
- /data/registry:/storage
|
||||||
- ./common/config/registry/:/etc/registry/
|
- ./common/config/registry/:/etc/registry/
|
||||||
|
- /etc/core/ca/ca.crt:/etc/registry/root.crt
|
||||||
ports:
|
ports:
|
||||||
- 5000:5000
|
- 5000:5000
|
||||||
command:
|
command:
|
||||||
|
|
|
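Review bot: The added CA bind mount is writable from inside the registry container; a certificate the service only reads should be mounted read-only, `- /etc/core/ca/ca.crt:/etc/registry/root.crt:ro`. With this short volume syntax Docker creates a directory at a bind source that does not exist, so the test setup should make sure /etc/core/ca/ca.crt is present before compose starts. Where that file is created is not visible on this page.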
@ -7,6 +7,8 @@ docker login -u admin -p Harbor12345 $IP:5000
|
||||||
|
|
||||||
docker tag hello-world $IP:5000/library/hello-world:latest
|
docker tag hello-world $IP:5000/library/hello-world:latest
|
||||||
docker push $IP:5000/library/hello-world:latest
|
docker push $IP:5000/library/hello-world:latest
|
||||||
|
echo "$? pushed hello world"
|
||||||
|
|
||||||
docker tag busybox $IP:5000/library/busybox:latest
|
docker tag busybox $IP:5000/library/busybox:latest
|
||||||
docker push $IP:5000/library/busybox:latest
|
docker push $IP:5000/library/busybox:latest
|
||||||
|
echo "$? pushed busybox"
|
||||||
|
|
|
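Review bot: The two added `echo "$? pushed …"` lines print each push's exit status but do not act on it, so unless `set -e` is in effect outside this hunk a failed push lets the script carry on as if it had succeeded. Failing at the push keeps the test meaningful: `docker push $IP:5000/library/hello-world:latest || exit 1`, and the same for busybox. The `docker login -u admin -p Harbor12345` line shown in the hunk header puts the password into the process list and the CI log; `--password-stdin` avoids that even for a throwaway test account.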
@ -6,7 +6,7 @@ storage:
|
||||||
cache:
|
cache:
|
||||||
blobdescriptor: inmemory
|
blobdescriptor: inmemory
|
||||||
filesystem:
|
filesystem:
|
||||||
rootdirectory: /var/lib/registry
|
rootdirectory: /storage
|
||||||
http:
|
http:
|
||||||
addr: :5000
|
addr: :5000
|
||||||
headers:
|
headers:
|
||||||
|
@ -15,4 +15,4 @@ health:
|
||||||
storagedriver:
|
storagedriver:
|
||||||
enabled: true
|
enabled: true
|
||||||
interval: 10s
|
interval: 10s
|
||||||
threshold: 3
|
threshold: 3
|
||||||
|
|
|
@ -29,4 +29,5 @@ sudo ./tests/testprepare.sh
|
||||||
cd tests && sudo ./ldapprepare.sh && sudo ./admiral.sh && cd ..
|
cd tests && sudo ./ldapprepare.sh && sudo ./admiral.sh && cd ..
|
||||||
sudo sed -i 's/__reg_version__/${REG_VERSION}-dev/g' ./make/docker-compose.test.yml
|
sudo sed -i 's/__reg_version__/${REG_VERSION}-dev/g' ./make/docker-compose.test.yml
|
||||||
sudo sed -i 's/__version__/dev/g' ./make/docker-compose.test.yml
|
sudo sed -i 's/__version__/dev/g' ./make/docker-compose.test.yml
|
||||||
sudo mkdir -p ./make/common/config/registry/ && sudo mv ./tests/reg_config.yml ./make/common/config/registry/config.yml
|
sudo mkdir -p ./make/common/config/registry/ && sudo mv ./tests/reg_config.yml ./make/common/config/registry/config.yml
|
||||||
|
sudo mkdir /storage && sudo chown 10000:10000 -R /storage
|
||||||
|
|
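Review bot: The added line creates and chowns /storage on the host, while the compose hunk in this commit binds host /data/registry to the container's /storage. If that compose file is the one this script prepares (file names are not visible on this page), the directory the registry actually writes to keeps its old ownership. In that case the line should target the bind source: `sudo mkdir -p /data/registry && sudo chown -R 10000:10000 /data/registry`. `mkdir` without `-p` also fails when the directory already exists on a reused build host.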