Change chartmuseum container to non-root

Signed-off-by: DQ <dengq@vmware.com>

make/photon/chartserver/Dockerfile

@@ -2,21 +2,26 @@ FROM photon:2.0
 
 RUN tdnf install -y shadow sudo >>/dev/null\
     && tdnf clean all \
-    && mkdir /chartserver/ \
-    && mkdir /harbor/ \
-    && groupadd -r -g 10000 chartuser \
-    && useradd --no-log-init -m -r -g 10000 -u 10000 chartuser
-COPY ./make/photon/chartserver/binary/chartm /chartserver/
-COPY ./make/photon/chartserver/docker-entrypoint.sh /docker-entrypoint.sh
-COPY ./make/photon/common/install_cert.sh /harbor
+    && groupadd -r -g 10000 chart \
+    && useradd --no-log-init -m -g 10000 -u 10000 chart
+
+COPY ./make/photon/chartserver/binary/chartm /home/chart/
+COPY ./make/photon/chartserver/docker-entrypoint.sh /home/chart/
+COPY ./make/photon/common/install_cert.sh /home/chart/
+
+RUN chmod -R 777 /etc/pki/tls/certs \
+    && chown -R chart:chart /home/chart \
+    && chmod u+x /home/chart/chartm \
+    && chmod u+x /home/chart/docker-entrypoint.sh \
+    && chmod u+x /home/chart/install_cert.sh
+
+USER chart
+
+WORKDIR /home/chart
+
+ENTRYPOINT ["./docker-entrypoint.sh"]
 
 VOLUME ["/chart_storage"]
 EXPOSE 9999
 
-RUN chown -R 10000:10000 /chartserver \
-    && chmod u+x /chartserver/chartm \
-    && chmod u+x /docker-entrypoint.sh
-
 HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS 127.0.0.1:9999/health || exit 1
-
-ENTRYPOINT ["/docker-entrypoint.sh"]

make/photon/chartserver/docker-entrypoint.sh

@@ -1,14 +1,10 @@
 #!/bin/bash
 set -e
 
-#/chart_storage is the directory in the contaienr for storing the chart artifacts
-#if storage driver is set to 'local'
-if [ -d /chart_storage ]; then
-    chown 10000:10000 -R /chart_storage
-fi
 
-/harbor/install_cert.sh
+/home/chart/install_cert.sh
 
 #Start the server process
-sudo -E -H -u \#10000 sh -c "/chartserver/chartm" #Parameters are set by ENV
+/home/chart/chartm
+
 set +e