diff --git a/Dockerfile b/Dockerfile index 66f2c30..ae3e8e2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM reg.dev.krd/hub.docker/library/node:16 as build-stage +FROM node:16 as build-stage WORKDIR /app @@ -13,8 +13,7 @@ COPY *.js ./ RUN npm run build -FROM reg.dev.krd/hub.docker/library/nginx:1.20-alpine AS production +FROM bitnami/nginx:1.20 AS production -COPY --from=build-stage /app/build /usr/share/nginx/html -COPY nginx.conf /etc/nginx/conf.d/default.conf -EXPOSE 80 +COPY --from=build-stage /app/build /app +EXPOSE 8080 diff --git a/kubernetes/base/deployment.yaml b/kubernetes/base/deployment.yaml index 291176d..a0b3660 100644 --- a/kubernetes/base/deployment.yaml +++ b/kubernetes/base/deployment.yaml @@ -17,6 +17,11 @@ spec: app: dsm-client spec: + securityContext: + runAsNonRoot: true + fsGroup: 1001 + sysctls: [] + containers: - name: dsm-client image: IMAGE @@ -28,11 +33,26 @@ spec: memory: 32Mi cpu: 5m ports: - - containerPort: 80 + - name: http + containerPort: 8080 livenessProbe: + tcpSocket: + port: http + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + + readinessProbe: + tcpSocket: + port: http + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 3 + successThreshold: 1 initialDelaySeconds: 5 - periodSeconds: 15 - httpGet: - path: /health - port: 80 + + securityContext: + runAsUser: 1001 + runAsNonRoot: true diff --git a/kubernetes/base/service.yaml b/kubernetes/base/service.yaml index 54983f3..db5a10e 100644 --- a/kubernetes/base/service.yaml +++ b/kubernetes/base/service.yaml @@ -10,4 +10,5 @@ spec: app: dsm-client ports: - port: 80 + targetPort: 8080 type: ClusterIP diff --git a/nginx.conf b/nginx.conf deleted file mode 100644 index 0b403f7..0000000 --- a/nginx.conf +++ /dev/null @@ -1,15 +0,0 @@ -server { - listen 80; - server_name _; - - location / { - root /usr/share/nginx/html; - try_files $uri $uri/ /index.html; - } - - location /health { - access_log off; - default_type text/plain; - return 200 "Healthy\n"; - } -}