
Commit b8cdff8

committed
chore(controller): set gid uid to 1001
1 parent 5d76f57 commit b8cdff8


7 files changed

+60
-74
lines changed


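--- a/charts/controller/templates/controller-celery.yaml
+++ b/charts/controller/templates/controller-celery.yaml
@@ -26,7 +26,7 @@ spec:
 - name: drycc-controller-init
 image: docker.io/drycc/python-dev:latest
 imagePullPolicy: {{.Values.imagePullPolicy}}
-command:
+args:
 - netcat
 - -v
 - -u
@@ -38,30 +38,27 @@ spec:
 - name: drycc-controller-celery-high
 image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/controller:{{.Values.imageTag}}
 imagePullPolicy: {{.Values.imagePullPolicy}}
-command:
+args:
 - /bin/bash
 - -c
-args:
 - celery -A api worker -Q priority.high --autoscale=32,1 --loglevel=WARNING
 {{- include "controller.limits" . | indent 8 }}
 {{- include "controller.envs" . | indent 8 }}
 - name: drycc-controller-celery-middle
 image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/controller:{{.Values.imageTag}}
 imagePullPolicy: {{.Values.imagePullPolicy}}
-command:
+args:
 - /bin/bash
 - -c
-args:
 - celery -A api worker -Q priority.middle --autoscale=16,1 --loglevel=WARNING
 {{- include "controller.limits" . | indent 8 }}
 {{- include "controller.envs" . | indent 8 }}
 - name: drycc-controller-celery-low
 image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/controller:{{.Values.imageTag}}
 imagePullPolicy: {{.Values.imagePullPolicy}}
-command:
+args:
 - /bin/bash
 - -c
-args:
 - celery -A api worker -Q priority.low --autoscale=8,1 --loglevel=WARNING
 {{- include "controller.limits" . | indent 8 }}
 {{- include "controller.envs" . | indent 8 }}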
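Review bot: With `command:` replaced by `args:` on every container in this file, the list is no longer the process that Kubernetes starts but is handed to whatever ENTRYPOINT each image defines, and neither image's ENTRYPOINT is visible in this commit. If that ENTRYPOINT does not exec its arguments, `netcat …` and `/bin/bash -c "celery …"` will not run as written, and the init container's readiness gate would be skipped or fail. A comment above each `args:` such as `# passed to the image ENTRYPOINT, which must exec its arguments` would record the dependency. The same swap is made in the cronjob, deployment and webhook templates.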

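--- a/charts/controller/templates/controller-cronjob-daily.yaml
+++ b/charts/controller/templates/controller-cronjob-daily.yaml
@@ -21,7 +21,7 @@ spec:
 - name: drycc-controller-cronjob-daily-init
 image: docker.io/drycc/python-dev:latest
 imagePullPolicy: {{.Values.imagePullPolicy}}
-command:
+args:
 - netcat
 - -v
 - -u
@@ -33,37 +33,33 @@ spec:
 - image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/controller:{{.Values.imageTag}}
 imagePullPolicy: {{.Values.imagePullPolicy}}
 name: drycc-controller-load-db-state-to-k8s
-command:
+args:
 - /bin/bash
 - -c
-args:
 - python /workspace/manage.py load_db_state_to_k8s
 {{- include "controller.envs" . | indent 12 }}
 - image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/controller:{{.Values.imageTag}}
 imagePullPolicy: {{.Values.pull_policy}}
 name: drycc-controller-measure-apps
-command:
+args:
 - /bin/bash
 - -c
-args:
 - python -u /workspace/manage.py measure_apps
 {{- include "controller.envs" . | indent 12 }}
 - image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/controller:{{.Values.imageTag}}
 imagePullPolicy: {{.Values.pull_policy}}
 name: drycc-controller-measure-resources
-command:
-- /bin/bash
-- -c
 args:
-- python -u /workspace/manage.py measure_resources
+- /bin/bash
+- -c
+- python -u /workspace/manage.py measure_resources
 {{- include "controller.envs" . | indent 12 }}
 - image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/controller:{{.Values.imageTag}}
 imagePullPolicy: {{.Values.pull_policy}}
 name: drycc-controller-measure-volumes
-command:
-- /bin/bash
-- -c
 args:
-- python -u /workspace/manage.py measure_volumes
+- /bin/bash
+- -c
+- python -u /workspace/manage.py measure_volumes
 {{- include "controller.envs" . | indent 12 }}
 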
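Review bot: The `measure-apps`, `measure-resources` and `measure-volumes` containers read `{{.Values.pull_policy}}`, while the init container and `drycc-controller-load-db-state-to-k8s` read `{{.Values.imagePullPolicy}}`; the commit rewrites the lines around them but leaves the mismatch. The values file is not visible here, but if `pull_policy` is not defined the field most likely renders empty and Kubernetes falls back to its default policy for the tag, so the operator's setting is silently ignored for those containers. I would change them to `imagePullPolicy: {{.Values.imagePullPolicy}}`. The same key is used by `drycc-controller-measure-networks` in controller-cronjob-hourly.yaml.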

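--- a/charts/controller/templates/controller-cronjob-hourly.yaml
+++ b/charts/controller/templates/controller-cronjob-hourly.yaml
@@ -21,7 +21,7 @@ spec:
 - name: drycc-controller-init
 image: docker.io/drycc/python-dev:latest
 imagePullPolicy: {{.Values.imagePullPolicy}}
-command:
+args:
 - netcat
 - -v
 - -u
@@ -33,9 +33,8 @@ spec:
 - image: {{.Values.imageRegistry}}/{{.Values.imageOrg}}/controller:{{.Values.imageTag}}
 imagePullPolicy: {{.Values.pull_policy}}
 name: drycc-controller-measure-networks
-command:
-- /bin/bash
-- -c
 args:
-- python -u /workspace/manage.py measure_networks
+- /bin/bash
+- -c
+- python -u /workspace/manage.py measure_networks
 {{- include "controller.envs" . | indent 12 }}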

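--- a/charts/controller/templates/controller-deployment.yaml
+++ b/charts/controller/templates/controller-deployment.yaml
@@ -26,13 +26,13 @@ spec:
 - name: drycc-controller-init
 image: docker.io/drycc/python-dev:latest
 imagePullPolicy: {{.Values.imagePullPolicy}}
-command:
-- netcat
-- -v
-- -u
-- $(DRYCC_DATABASE_URL),$(DRYCC_RABBITMQ_URL)
-- -a
-- $(DRYCC_REDIS_ADDRS)
+args:
+- netcat
+- -v
+- -u
+- $(DRYCC_DATABASE_URL),$(DRYCC_RABBITMQ_URL)
+- -a
+- $(DRYCC_REDIS_ADDRS)
 {{- include "controller.envs" . | indent 8 }}
 containers:
 - name: drycc-controller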
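Review bot: The init container keeps `image: docker.io/drycc/python-dev:latest` while it receives the whole `controller.envs` block and the expanded `$(DRYCC_DATABASE_URL)` and `$(DRYCC_RABBITMQ_URL)` in its arguments. A mutable tag means whatever is published under `latest` at pull time runs with those values, and after this change its ENTRYPOINT also decides how the args are executed. Taking a version tag or digest from values (placeholder: `docker.io/drycc/python-dev@sha256:<digest>`) would make the init image reviewable and reproducible. The same init container appears in the webhook, celery and cronjob templates, and the `containers:` list continues past the end of this hunk.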

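--- a/charts/controller/templates/controller-webhook-deloyment.yaml
+++ b/charts/controller/templates/controller-webhook-deloyment.yaml
@@ -16,13 +16,13 @@ spec:
 - name: drycc-controller-init
 image: docker.io/drycc/python-dev:latest
 imagePullPolicy: {{.Values.imagePullPolicy}}
-command:
-- netcat
-- -v
-- -u
-- $(DRYCC_DATABASE_URL),$(DRYCC_RABBITMQ_URL)
-- -a
-- $(DRYCC_REDIS_ADDRS)
+args:
+- netcat
+- -v
+- -u
+- $(DRYCC_DATABASE_URL),$(DRYCC_RABBITMQ_URL)
+- -a
+- $(DRYCC_REDIS_ADDRS)
 {{- include "controller.envs" . | indent 8 }}
 containers:
 - name: drycc-controller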

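--- a/rootfs/Dockerfile
+++ b/rootfs/Dockerfile
@@ -1,26 +1,26 @@
 FROM docker.io/drycc/base:bullseye
 
-RUN adduser --system \
---shell /bin/bash \
---disabled-password \
---home /workspace \
---group \
-drycc
+ARG DRYCC_UID=1001
+ARG DRYCC_GID=1001
+ARG DRYCC_HOME_DIR=/workspace
+
+RUN groupadd drycc --gid ${DRYCC_GID} \
+&& useradd drycc -u ${DRYCC_UID} -g ${DRYCC_GID} -s /bin/bash -m -d ${DRYCC_HOME_DIR}
 
 ENV PYTHON_VERSION="3.10.2"
-COPY requirements.txt /workspace/requirements.txt
+COPY requirements.txt ${DRYCC_HOME_DIR}/requirements.txt
 
 RUN buildDeps='gcc libffi-dev libpq-dev rustc cargo'; \
 install-packages $buildDeps \
 && install-stack python $PYTHON_VERSION && . init-stack \
-&& python3 -m venv /workspace/.venv \
-&& source /workspace/.venv/bin/activate \
-&& pip3 install --disable-pip-version-check --no-cache-dir -r /workspace/requirements.txt \
-&& chown -R drycc:drycc /workspace \
+&& python3 -m venv ${DRYCC_HOME_DIR}/.venv \
+&& source ${DRYCC_HOME_DIR}/.venv/bin/activate \
+&& pip3 install --disable-pip-version-check --no-cache-dir -r ${DRYCC_HOME_DIR}/requirements.txt \
+&& chown -R drycc:drycc ${DRYCC_HOME_DIR} \
 # set env
-&& echo "source /workspace/.venv/bin/activate" >> /opt/drycc/python/profile.d/python.sh \
+&& echo "source ${DRYCC_HOME_DIR}/.venv/bin/activate" >> /opt/drycc/python/profile.d/python.sh \
 # cleanup
-&& scanelp /workspace/.venv/lib > runtime.txt \
+&& scanelp ${DRYCC_HOME_DIR}/.venv/lib > runtime.txt \
 && apt-get purge -y --auto-remove $buildDeps \
 && install-packages $(< runtime.txt) \
 && apt-get autoremove -y \
@@ -40,9 +40,9 @@ RUN buildDeps='gcc libffi-dev libpq-dev rustc cargo'; \
 /usr/lib/`echo $(uname -m)`-linux-gnu/gconv/EBC* \
 && mkdir -p /usr/share/man/man{1..8}
 
-COPY . /workspace
-
 USER drycc
-WORKDIR /workspace
-CMD ["/workspace/bin/boot"]
+
+COPY --chown=drycc:drycc . ${DRYCC_HOME_DIR}
+WORKDIR ${DRYCC_HOME_DIR}
+CMD ["bin/boot"]
 EXPOSE 8000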
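Review bot: Adding `--chown=drycc:drycc` to the final `COPY` makes the application source owned and writable by the runtime account, whereas the old `COPY . /workspace` left the copied code root-owned. If nothing has to write into the source tree at runtime, a plain `COPY . ${DRYCC_HOME_DIR}` keeps a compromised worker from rewriting its own code, and any directory that must be writable can be chowned individually. Since the UID is now fixed, `USER ${DRYCC_UID}:${DRYCC_GID}` instead of `USER drycc` would also let a pod-level `runAsNonRoot: true` be verified by the kubelet, which it cannot do for a non-numeric user. A comment above the ARGs such as `# fixed uid/gid so securityContext and volume ownership can reference 1001` would document why the values are pinned.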

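--- a/rootfs/Dockerfile.test
+++ b/rootfs/Dockerfile.test
@@ -1,14 +1,9 @@
 FROM docker.io/drycc/base:bullseye
 
-RUN adduser --system \
---shell /bin/bash \
---disabled-password \
---home /workspace \
---group \
-drycc
+ARG DRYCC_HOME_DIR=/workspace
 
-COPY requirements.txt /workspace/requirements.txt
-COPY dev_requirements.txt /workspace/dev_requirements.txt
+COPY requirements.txt ${DRYCC_HOME_DIR}/requirements.txt
+COPY dev_requirements.txt ${DRYCC_HOME_DIR}/dev_requirements.txt
 
 ENV PGDATA="/opt/drycc/postgresql/data" \
 PYTHON_VERSION="3.10.2" \
@@ -24,15 +19,14 @@ RUN buildDeps='gcc rustc cargo libffi-dev musl-dev openssl'; \
 && install-stack rabbitmq $RABBITMQ_VERSION \
 && install-stack postgresql $POSTGRES_VERSION \
 && install-stack gosu $GOSU_VERSION && . init-stack \
-&& python3 -m venv /workspace/.venv \
-&& source /workspace/.venv/bin/activate \
-&& pip3 install --disable-pip-version-check --no-cache-dir -r /workspace/requirements.txt \
-&& pip3 install --disable-pip-version-check --no-cache-dir -r /workspace/dev_requirements.txt \
-&& chown -R drycc:drycc /workspace \
+&& python3 -m venv ${DRYCC_HOME_DIR}/.venv \
+&& source ${DRYCC_HOME_DIR}/.venv/bin/activate \
+&& pip3 install --disable-pip-version-check --no-cache-dir -r ${DRYCC_HOME_DIR}/requirements.txt \
+&& pip3 install --disable-pip-version-check --no-cache-dir -r ${DRYCC_HOME_DIR}/dev_requirements.txt \
 # set env
-&& echo "source /workspace/.venv/bin/activate" >> /opt/drycc/python/profile.d/python.sh \
+&& echo "source ${DRYCC_HOME_DIR}/.venv/bin/activate" >> /opt/drycc/python/profile.d/python.sh \
 # cleanup
-&& scanelp /workspace/.venv/lib > runtime.txt \
+&& scanelp ${DRYCC_HOME_DIR}/.venv/lib > runtime.txt \
 && apt-get purge -y --auto-remove $buildDeps \
 && install-packages $(< runtime.txt) \
 && apt-get autoremove -y \
@@ -56,7 +50,7 @@ RUN buildDeps='gcc rustc cargo libffi-dev musl-dev openssl'; \
 && chown -R postgres:postgres /run/postgresql $PGDATA \
 && gosu postgres initdb -D $PGDATA
 
-COPY . /workspace
-WORKDIR /workspace
-CMD ["/workspace/bin/boot"]
+COPY . ${DRYCC_HOME_DIR}
+WORKDIR ${DRYCC_HOME_DIR}
+CMD ["bin/boot"]
 EXPOSE 8000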
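Review bot: The test image no longer creates the `drycc` account or chowns the workspace, and no `USER` line is visible, so the suite apparently runs as root while the production image runs as UID 1001 from `DRYCC_UID`. Ownership or permission problems that come with the fixed UID would then not show up in tests. Consider keeping the same `groupadd`/`useradd` pair here, or add a comment next to `ARG DRYCC_HOME_DIR=/workspace` such as `# test image intentionally runs as root; no drycc user is created` so the divergence is clearly deliberate. The RUN instruction touched by the second and third hunks starts and ends outside the visible lines.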
