diff --git a/Dockerfile b/Dockerfile index 71a9664..25c53a5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM node:16 as build-stage +FROM node:16 as build WORKDIR /app @@ -13,7 +13,18 @@ COPY *.js ./ RUN npm run build -FROM nginx:stable-alpine AS production +RUN echo "nobody:x:1001:1001:nobody:/:" > /etc_passwd +RUN chown -R 1001:1001 /app/build -COPY --from=build-stage /app/build /usr/share/nginx/html -EXPOSE 80 +FROM reg.dev.krd/hub.docker/joseluisq/static-web-server:2 AS production + +COPY --from=build /app/build /public +COPY --from=build /etc_passwd /etc/passwd + +ENV SERVER_PORT=8080 +ENV SERVER_LOG_LEVEL=info +ENV SERVER_FALLBACK_PAGE=/public/404.html + +USER nobody + +EXPOSE 8080 diff --git a/kubernetes/base/deployment.yaml b/kubernetes/base/deployment.yaml index 4f643af..ed0f39e 100644 --- a/kubernetes/base/deployment.yaml +++ b/kubernetes/base/deployment.yaml @@ -7,6 +7,7 @@ metadata: app: dsm-client spec: + replicas: 2 selector: matchLabels: app: dsm-client @@ -17,33 +18,32 @@ spec: app: dsm-client spec: + securityContext: + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + containers: - name: dsm-client image: IMAGE - resources: - limits: - memory: 32Mi - cpu: 500m - requests: - memory: 32Mi - cpu: 5m + ports: - name: http - containerPort: 80 + containerPort: 8080 + + resources: + limits: + cpu: 100m + memory: 32Mi + requests: + cpu: 5m + memory: 32Mi livenessProbe: tcpSocket: port: http - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 readinessProbe: tcpSocket: port: http periodSeconds: 5 - timeoutSeconds: 3 - failureThreshold: 3 - successThreshold: 1 - initialDelaySeconds: 5