[GitHub] [pulsar] sijie commented on a change in pull request #8796: [Issue 8751] Update Dockerfile for Pulsar and Dashboard to Create and Use pulsar User (nonroot user)

[GitBox <gi...@apache.org>]

sijie commented on a change in pull request #8796:
URL: https://github.com/apache/pulsar/pull/8796#discussion_r539033618



##########
File path: docker/pulsar/Dockerfile
##########
@@ -53,21 +55,25 @@ RUN python3.7 get-pip.py
 
 RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 10
 
-ADD target/python-client/ /pulsar/pulsar-client
-ADD target/cpp-client/ /pulsar/cpp-client
+ADD --chown=pulsar:pulsar target/python-client/ /pulsar/pulsar-client
+ADD --chown=pulsar:pulsar target/cpp-client/ /pulsar/cpp-client
 RUN echo networkaddress.cache.ttl=1 >> $JAVA_HOME/jre/lib/security/java.security
 RUN apt-get update \
      && apt install -y /pulsar/cpp-client/*.deb \
      && apt-get clean \
+     && chown -R pulsar:pulsar /pulsar/cpp-client/
      && rm -rf /var/lib/apt/lists/*
 
+# Start using the pulsar user to ensure container defaults to run as non root user
+USER pulsar
+
+# Directories will have correct permission because we switched to the pulsar user
+RUN mkdir /pulsar/conf /pulsar/data

Review comment:
       @michaeljmarshall when the docker image is used in Kubernetes, the helm chart will mount the disks to `/pulsar/data`. Does it change the permission?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org