Skip to content

Commit

Permalink
support non-root containers (open-telemetry#615)
Browse files Browse the repository at this point in the history 
* support non-root containers

Modify containers that fail to run as non-root.

* support non-root containers

Signed-off-by: Pierre Tessier <pierre@pierretessier.com>

* update changelog

Signed-off-by: Pierre Tessier <pierre@pierretessier.com>
Co-authored-by: Pierre Tessier <pierre@pierretessier.com>
Co-authored-by: Juliano Costa <julianocosta89@outlook.com>
  • Loading branch information
@styblope @puckpuck @julianocosta89
3 people authored Dec 7, 2022
1 parent e0f59c3 commit adad087
Show file tree
Hide file tree
Showing 7 changed files with 19 additions and 14 deletions.
4 changes: 3 additions & 1 deletion CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -147,4 +147,6 @@ significant modifications will be credited to OpenTelemetry Authors.
* Add HTTP client instrumentation to shippingservice
([#610](https://github.com/open-telemetry/opentelemetry-demo/pull/610))
* Added Kafka, accountingservice and frauddetectionservice for async workflows
([#512](https://github.com/open-telemetry/opentelemetry-demo/pull/457))
([#512](https://github.com/open-telemetry/opentelemetry-demo/pull/457))
* Added support for non-root containers
([#615](https://github.com/open-telemetry/opentelemetry-demo/pull/615))
3 changes: 2 additions & 1 deletion docker-compose.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -327,7 +327,6 @@ services:
- JAEGER_SERVICE_PORT
- JAEGER_SERVICE_HOST
- ENVOY_PORT
- ENVOY_UID=0
depends_on:
- frontend
- featureflagservice
Expand Down Expand Up @@ -505,6 +504,7 @@ services:
ffs_postgres:
image: postgres:14
container_name: postgres
user: postgres
deploy:
resources:
limits:
Expand Down Expand Up @@ -625,6 +625,7 @@ services:
redis-cart:
image: redis:alpine
container_name: redis-cart
user: redis
deploy:
resources:
limits:
Expand Down
1 change: 1 addition & 0 deletions src/adservice/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ WORKDIR /usr/src/app/

COPY --from=builder /usr/src/app/ ./
ADD https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v$version/opentelemetry-javaagent.jar /app/opentelemetry-javaagent.jar
RUN chmod 644 /app/opentelemetry-javaagent.jar
ENV JAVA_TOOL_OPTIONS=-javaagent:/app/opentelemetry-javaagent.jar

EXPOSE ${AD_SERVICE_PORT}
Expand Down
7 changes: 3 additions & 4 deletions src/emailservice/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,12 @@ FROM ruby:3.1.2-slim

RUN apt-get update -y && apt-get install -y build-essential

COPY Gemfile* ./

RUN bundle install

WORKDIR /email_server

COPY . .

RUN bundle install
RUN chmod 666 ./Gemfile.lock

EXPOSE ${EMAIL_SERVICE_PORT}
ENTRYPOINT ["bundle", "exec", "ruby", "email_server.rb"]
1 change: 1 addition & 0 deletions src/frauddetectionservice/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ WORKDIR /usr/src/app/

COPY --from=builder /usr/src/app/build/libs/frauddetectionservice-1.0-all.jar ./
ADD https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v$version/opentelemetry-javaagent.jar /app/opentelemetry-javaagent.jar
RUN chmod 644 /app/opentelemetry-javaagent.jar
ENV JAVA_TOOL_OPTIONS=-javaagent:/app/opentelemetry-javaagent.jar

ENTRYPOINT [ "java", "-jar", "frauddetectionservice-1.0-all.jar" ]
6 changes: 4 additions & 2 deletions src/frontendproxy/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
FROM envoyproxy/envoy-dev:8c202194ac6a2cb781eb6ce27d924b379b1e787f
RUN apt-get update && apt-get install -y gettext-base && apt-get clean && rm -rf /var/lib/apt/lists/*

COPY ./src/frontendproxy/envoy.tmpl.yaml /etc/envoy/envoy.tmpl.yaml
USER envoy
WORKDIR /home/envoy
COPY ./src/frontendproxy/envoy.tmpl.yaml envoy.tmpl.yaml

ENTRYPOINT ["/bin/sh", "-c", "envsubst < /etc/envoy/envoy.tmpl.yaml > /etc/envoy/envoy.yaml && envoy -c /etc/envoy/envoy.yaml;"]
ENTRYPOINT ["/bin/sh", "-c", "envsubst < envoy.tmpl.yaml > envoy.yaml && envoy -c envoy.yaml;"]
11 changes: 5 additions & 6 deletions src/quoteservice/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,10 @@ COPY --from=build /tmp/vendor/ ./vendor/
COPY ./src/quoteservice/ /var/www

ENV APACHE_DOCUMENT_ROOT /var/www/public
RUN sed -ri -e 's|/var/www/html|${APACHE_DOCUMENT_ROOT}|g' /etc/apache2/sites-available/*.conf
RUN a2enmod rewrite
RUN echo "ServerName quoteservice" >> /etc/apache2/apache2.conf
RUN sed -ri -e 's|/var/www/html|${APACHE_DOCUMENT_ROOT}|g' /etc/apache2/sites-available/*.conf \
&& a2enmod rewrite \
&& echo "ServerName quoteservice" >> /etc/apache2/apache2.conf \
&& sed -i "s/80/\$\{QUOTE_SERVICE_PORT\}/g" /etc/apache2/sites-available/000-default.conf /etc/apache2/ports.conf

USER www-data
EXPOSE ${QUOTE_SERVICE_PORT}

ENTRYPOINT sed -i "s/80/${QUOTE_SERVICE_PORT}/g" /etc/apache2/sites-available/000-default.conf /etc/apache2/ports.conf \
&& apache2-foreground

0 comments on commit adad087

Please sign in to comment.