All docker containers need to be run as a non-root user
richakanwar13 opened this issue · 6 comments
I have created a base image that should be added to all DockerFiles (FROM renciorg/renci-python-image:v0.0.1 directive). the dockerfile for the image can be found at: https://github.com/TranslatorSRI/RENCI-Python-image.git
This base image specifies the latest version of python 3.9 (python:3.9.10-buster, aka python:3.9-buster). this image also includes the creation of a non-root user and other basic directives common to all of our images.
i am currently in the process of updating the docker files for applicable projects in the repos for TranslatorSRI, ranking-agent and RENCI-AUTOMAT to derive from this base image.
to the best of my knowledge, there are only 3 remaining products that need the non-root user updates verified.
strider, kp-registry and filter-n-results should be verified that they actually need the update. they should be updated and deployed if they dont.
strider - prod web interface and redis still run as a root user. -dev web interface ok, redis still runs as a root user.
kp-registry - all set.
api-watchdog - will be all set when next image is deployed (app currently in test)
filter-results top n - currently working the sterling/prod deploy. I presume that the image still needs to be corrected.
- api-watchdog pending
- waiting on a new version of strider
New version of dev strider has been deployed. Phil to look into api-watchdog.
Complete as of 3/4