From 71b049be98e78652d47a00c703babdb6f910bd67 Mon Sep 17 00:00:00 2001
From: Julien Laurenceau
Date: Thu, 7 Sep 2023 15:14:01 +0200
Subject: [PATCH 1/3] feat: improve Dockerfile and remove vuln
---
 Dockerfile | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 44ad781b..c834e0cc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:11-jre-slim-stretch as server
+FROM eclipse-temurin:11-jdk-jammy as server
 ARG SPARK_VERSION=3.4.1
 ARG HADOOP_VERSION=3
@@ -9,7 +9,7 @@ COPY server/ ./server/
 WORKDIR /home/app/server/
 RUN ./gradlew build -x test -PSPARK_VERSION=${SPARK_VERSION}
-FROM node:lts-alpine3.14 as frontend
+FROM node:lts-alpine3.18 as frontend
 ARG SPARK_VERSION=3.4.1
 ARG HADOOP_VERSION=3
@@ -23,7 +23,7 @@ RUN wget "https://downloads.apache.org/spark/spark-${SPARK_VERSION}/spark-${SPAR
 WORKDIR /home/app/frontend/
 RUN yarn install && yarn build
-FROM openjdk:11-jre-slim-bullseye
+FROM eclipse-temurin:11-jdk-jammy
 ARG SPARK_VERSION=3.4.1
 ARG HADOOP_VERSION=3
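Review bot: The replacement base images in the three `FROM` hunks of PATCH 1/3 are referenced by floating tags (`eclipse-temurin:11-jdk-jammy`, `node:lts-alpine3.18`), so the same Dockerfile can resolve to different image contents on each build and a vulnerability scan result is not tied to a fixed image. The `lts` component in particular moves to a new Node major whenever the LTS line changes. Consider pinning each image by digest and letting a dependency bot bump it, e.g. `FROM eclipse-temurin:11-jdk-jammy@sha256:<digest-placeholder> as server`. The same applies to the final-stage `FROM` that PATCH 3/3 switches to the JRE variant.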
@@ -45,7 +45,25 @@ COPY --from=frontend /home/app/spark-${SPARK_VERSION}-bin-hadoop${HADOOP_VERSION
 COPY k8s/ ./k8s/
+ARG spark_uid=10000
+ARG spark_gid=10001
+RUN groupadd -g ${spark_gid} spark && useradd spark -u ${spark_uid} -g ${spark_gid} -m -s /bin/bash
+RUN mkdir -p /home/db /tmp/spark-events /tmp/staging /tmp/s3a ${SPARK_HOME}/workdir && \
+ chmod -R go+rwX /tmp && \
+ chmod -R go+rX /opt /home && \
+ chmod g+wX ${SPARK_HOME}/workdir && \
+ chown -R spark:spark ${SPARK_HOME} /home/db && \
+ chmod -R go+rX ${SPARK_HOME}
+RUN apt-get update && apt-get upgrade -y && \
+ apt-get autoremove --purge -y curl wget && \
+ apt-get install -y --no-install-recommends --allow-downgrades -y atop procps && \
+ apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/*
+
 EXPOSE 8080
 EXPOSE 25333
 ENTRYPOINT ["java", "-jar", "/home/app/application.jar"]
+
+# Specify the User that the actual main process will run as
+USER ${spark_uid}
+SHELL ["/bin/bash", "-c"]
\ No newline at end of file
From 56cb64d98d054147c4bc5c5418dd1b76e418a1be Mon Sep 17 00:00:00 2001
From: Julien Laurenceau
Date: Fri, 8 Sep 2023 15:11:55 +0200
Subject: [PATCH 2/3] chore: cleaner dockerfile
---
 Dockerfile | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index c834e0cc..f39e317f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -48,11 +48,7 @@ COPY k8s/ ./k8s/
 ARG spark_uid=10000
 ARG spark_gid=10001
 RUN groupadd -g ${spark_gid} spark && useradd spark -u ${spark_uid} -g ${spark_gid} -m -s /bin/bash
-RUN mkdir -p /home/db /tmp/spark-events /tmp/staging /tmp/s3a ${SPARK_HOME}/workdir && \
- chmod -R go+rwX /tmp && \
- chmod -R go+rX /opt /home && \
- chmod g+wX ${SPARK_HOME}/workdir && \
- chown -R spark:spark ${SPARK_HOME} /home/db && \
+RUN chown -R spark:spark ${SPARK_HOME} && \
 chmod -R go+rX ${SPARK_HOME}
 RUN apt-get update && apt-get upgrade -y && \
 apt-get autoremove --purge -y curl wget && \
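Review bot: In the `RUN apt-get update && apt-get upgrade -y ...` step added by the `@@ -45,7 +45,25 @@` hunk of PATCH 1/3, `--allow-downgrades` lets apt replace an installed package with an older version without failing, which works against the commit's stated goal of removing vulnerabilities. `-y` is also passed twice on that line. `atop` and `procps` are unpinned diagnostic tools added to the runtime image. If they are required at run time, a comment saying why would help reviewers; if `atop` is only for debugging, the line could become `apt-get install -y --no-install-recommends procps && \`. The blanket `apt-get upgrade` also makes the installed package set depend on the build date rather than on the base image, so two builds of the same commit can differ.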
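Review bot: `RUN chown -R spark:spark ${SPARK_HOME}` in the `@@ -48,11 +48,7 @@` hunk of PATCH 2/3 leaves the whole Spark installation owned by the account the container runs as (`USER ${spark_uid}`), so a compromised application process could rewrite the jars and scripts under `${SPARK_HOME}`. A least-privilege layout keeps the tree root-owned and gives the runtime user write access only to the directories it must write, for example `RUN install -d -o spark -g spark ${SPARK_HOME}/workdir && chmod -R go+rX ${SPARK_HOME}`. The hunk also drops the creation of `/home/db`, `/tmp/spark-events`, `/tmp/staging` and `/tmp/s3a`. Whether the application still needs these to exist and be writable by `spark` is not visible here and should be confirmed.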
@@ -63,7 +59,5 @@ EXPOSE 8080
 EXPOSE 25333
 ENTRYPOINT ["java", "-jar", "/home/app/application.jar"]
-
 # Specify the User that the actual main process will run as
 USER ${spark_uid}
-SHELL ["/bin/bash", "-c"]
\ No newline at end of file
From ccfef850ae7b197b99ef1e54e3bc5bcd5946f005 Mon Sep 17 00:00:00 2001
From: Julien Laurenceau
Date: Fri, 8 Sep 2023 15:24:49 +0200
Subject: [PATCH 3/3] chore: use base image JRE
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index f39e317f..a16fdce5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,7 +23,7 @@ RUN wget "https://downloads.apache.org/spark/spark-${SPARK_VERSION}/spark-${SPAR
 WORKDIR /home/app/frontend/
 RUN yarn install && yarn build
-FROM eclipse-temurin:11-jdk-jammy
+FROM eclipse-temurin:11-jre-jammy
 ARG SPARK_VERSION=3.4.1
 ARG HADOOP_VERSION=3