Run container under kubernetes properly as non-root

abh · abh · commit e94e5df83691 · 2019-11-04T23:20:40.000-08:00
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,5 @@
-FROM quay.io/perl/base-os:v3.3
+#FROM quay.io/perl/base-os:v3.10-2
+FROM quay.io/perl/base-os:master
 
 # Note that this only builds dependencies and such, it doesn't
 # actually include the site code etc itself. The site code
@@ -7,15 +8,15 @@ FROM quay.io/perl/base-os:v3.3
 
 # Cache buster for occasionally resetting the cached images even if
 # the base doesn't change.
-ENV LAST_UPDATED 2018-07-17
+ENV LAST_UPDATED 2019-11-04
 
 USER root
 
 RUN apk update; apk upgrade ; apk add curl git \
   perl-dev wget make \
   inotify-tools \
   expat-dev zlib-dev libressl-dev libressl \
-  mariadb-client mariadb-client-libs mariadb-dev build-base
+  mariadb-client mariadb-dev build-base
 
 ADD .modules /tmp/modules.txt
 ADD combust/.modules /tmp/combust-modules.txt
@@ -25,18 +26,18 @@ RUN curl -sfLo /usr/bin/cpanm https://raw.githubusercontent.com/miyagawa/cpanmin
 RUN grep -hv '^#' /tmp/combust-modules.txt /tmp/modules.txt | \
   cpanm -n; rm -fr ~/.cpanm; rm -f /tmp/modules /tmp/combust-modules.txt
 
-ENV CBROOTLOCAL=/perlweb/
-ENV CBROOT=/perlweb/combust
-ENV CBCONFIG=/perlweb/combust.docker.conf
+ENV CBROOTLOCAL=/git/perlweb/
+ENV CBROOT=/git/perlweb/combust
+ENV CBCONFIG=/git/perlweb/combust.docker.conf
 
 # optional; in production we load the data into the container
 #VOLUME /perlweb
 
-WORKDIR /perlweb
+WORKDIR /git/perlweb
 EXPOSE 8235
 
 RUN addgroup perlweb && adduser -D -G perlweb perlweb
-RUN chown perlweb:perlweb /perlweb
+RUN chown perlweb:perlweb /git/perlweb
 
 RUN mkdir /var/tmp/perlweb; chown perlweb:perlweb /var/tmp/perlweb; chmod 700 /var/tmp/perlweb
 
diff --git a/docker/container-run.sh b/docker/container-run.sh
@@ -2,7 +2,7 @@
 
 # for running under docker for testing
 
-cd /perlweb
+cd /git/perlweb
 ls -latr
 if [ -e .git ]; then
 	echo Already has a git checkout
diff --git a/docker/kube-start b/docker/kube-start
@@ -1,12 +1,5 @@
 #!/bin/sh
 
-# we have to start the image as root just to make
-# this possible. An alternative would be to make it
-# into the image and use /git/perlweb when running
-# the image just under docker for testing ...
-rmdir /perlweb
-ln -s /git/perlweb /perlweb
-
 # use this as 'entrypoint' / command in the kubernetes container
 while [ ! -f $1 ]
 do
