Merge pull request #202 from catenax-ng/release/v2.1.0/trg-4-02

[ 17° ] - Release/v2.1.0/trg 4 02 & trg 4.03: updated container base images and adjusted user ids
eclipse-tractusx · Feb 2, 2024 · a60981c · a60981c
2 parents a57c5f3 + dfd8823
commit a60981c
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 21 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,8 @@
 #################################################################################
-# Catena-X - Product Passport Consumer Frontend
+# Catena-X - Digital Product Pass Frontend Application
 #
-# Copyright (c) 2022, 2023 BASF SE, BMW AG, Henkel AG & Co. KGaA
+# Copyright (c) 2022, 2024 BASF SE, BMW AG, Henkel AG & Co. KGaA
+# Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation
 #
 # See the NOTICE file(s) distributed with this work for additional
 # information regarding copyright ownership.
@@ -40,7 +41,7 @@ COPY . .
 RUN npm run build
 
 
-FROM nginxinc/nginx-unprivileged:stable-alpine
+FROM nginxinc/nginx-unprivileged:alpine
 
 ARG REPO_COMMIT_ID='REPO_COMMIT_ID'
 ARG REPO_ENDPOINT_URL='REPO_ENDPOINT_URL'
@@ -50,7 +51,7 @@ ENV REPO_ENDPOINT_URL=${REPO_ENDPOINT_URL}
 USER root
 
 RUN addgroup -g 3000 appgroup \
-	&& adduser -u 10000 -g 3000 -h /home/appuser -D appuser
+	&& adduser -u 1000 -g 3000 -h /home/nonroot -D nonroot
 
 COPY ./entrypoint.sh /entrypoint.sh
 
@@ -62,15 +63,15 @@ COPY --from=builder /app/dist /usr/share/nginx/html
 HEALTHCHECK NONE
 
 # add permissions for a user
-RUN chown -R 10000:3000 /app && chmod -R 775 /app/
-RUN chown 10000:3000 /entrypoint.sh && chmod -R 775 /entrypoint.sh
+RUN chown -R 1000:3000 /app && chmod -R 775 /app/
+RUN chown 1000:3000 /entrypoint.sh && chmod -R 775 /entrypoint.sh
 
 # Install bash for env variables inject script
 RUN apk update && apk add --no-cache bash
 # Make nginx owner of /usr/share/nginx/html/ and change to nginx user
-RUN chown -R 10000:3000 /usr/share/nginx/html/ && chmod -R 775 /usr/share/nginx/html/
+RUN chown -R 1000:3000 /usr/share/nginx/html/ && chmod -R 775 /usr/share/nginx/html/
 
-USER 10000:3000
+USER 1000:3000
 
 EXPOSE 8080
 

diff --git a/charts/digital-product-pass/values.yaml b/charts/digital-product-pass/values.yaml
@@ -57,7 +57,7 @@ backend:
       # -- Restrict a Container's Syscalls with seccomp
       type: RuntimeDefault
     # -- Runs all processes within a pod with a special uid
-    runAsUser: 10000
+    runAsUser: 1000
     # -- Processes within a pod will belong to this guid
     runAsGroup: 3000
     # -- The owner for volumes and any files created within volumes will belong to this guid
@@ -78,7 +78,7 @@ backend:
     # -- Requires the container to run without root privileges
     runAsNonRoot: true
     # -- The container's process will run with the specified uid
-    runAsUser: 10000
+    runAsUser: 1000
     # -- The owner for volumes and any files created within volumes will belong to this guid
     runAsGroup: 3000
 
@@ -190,7 +190,7 @@ frontend:
       # -- Restrict a Container's Syscalls with seccomp
       type: RuntimeDefault
     # -- Runs all processes within a pod with a special uid
-    runAsUser: 10000
+    runAsUser: 1000
     # -- Processes within a pod will belong to this guid
     runAsGroup: 3000
     # -- The owner for volumes and any files created within volumes will belong to this guid
@@ -211,7 +211,7 @@ frontend:
     # -- Requires the container to run without root privileges
     runAsNonRoot: true
     # -- The container's process will run with the specified uid
-    runAsUser: 10000
+    runAsUser: 1000
     # -- The owner for volumes and any files created within volumes will belong to this guid
     runAsGroup: 3000
 

diff --git a/dpp-backend/charts/digital-product-pass-backend/values.yaml b/dpp-backend/charts/digital-product-pass-backend/values.yaml
@@ -1,5 +1,5 @@
 #################################################################################
-# Catena-X - Product Passport Consumer Application
+# Catena-X - Digital Product Pass Application
 #
 # Copyright (c) 2022, 2024 BASF SE, BMW AG, Henkel AG & Co. KGaA
 # Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation
@@ -154,14 +154,14 @@ oauth:
     enabled: false
 
 podSecurityContext:
-  runAsUser: 10000
+  runAsUser: 1000
   fsGroup: 3000
 
 securityContext:
   readOnlyRootFilesystem: true
   allowPrivilegeEscalation: false
   runAsNonRoot: true
-  runAsUser: 10000
+  runAsUser: 1000
   runAsGroup: 3000
 
 serviceAccount:

diff --git a/dpp-backend/digitalproductpass/Dockerfile b/dpp-backend/digitalproductpass/Dockerfile
@@ -1,7 +1,8 @@
 #################################################################################
-# Catena-X - Product Passport Consumer Backend
+# Catena-X - Digital Product Pass Backend Application
 #
-# Copyright (c) 2022, 2023 BASF SE, BMW AG, Henkel AG & Co. KGaA
+# Copyright (c) 2022, 2024 BASF SE, BMW AG, Henkel AG & Co. KGaA
+# Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation
 #
 # See the NOTICE file(s) distributed with this work for additional
 # information regarding copyright ownership.
@@ -21,10 +22,10 @@
 #################################################################################
 
 
-FROM eclipse-temurin:19-alpine
+FROM eclipse-temurin:21-jre-alpine
 
 RUN addgroup -g 3000 appgroup \
-	&& adduser -u 10000 -g 3000 -h /home/appuser -D appuser
+	&& adduser -u 1000 -g 3000 -h /home/nonroot -D nonroot
 
 WORKDIR /app
 
@@ -39,9 +40,9 @@ COPY ./target/digitalproductpass*.jar digitalproductpass.jar
 HEALTHCHECK NONE
 
 # add permissions for a user
-RUN chown -R 10000:3000 /app && chmod -R 775 /app/
+RUN chown -R 1000:3000 /app && chmod -R 775 /app/
 
-USER 10000:3000
+USER 1000:3000
 EXPOSE 8080
 
 ENTRYPOINT ["java", "-jar", "./digitalproductpass.jar"]