sijie commented on a change in pull request #8796:
URL: https://github.com/apache/pulsar/pull/8796#discussion_r539033618
##########
File path: docker/pulsar/Dockerfile
##########
@@ -53,21 +55,25 @@ RUN python3.7 get-pip.py
RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 10
-ADD target/python-client/ /pulsar/pulsar-client
-ADD target/cpp-client/ /pulsar/cpp-client
+ADD --chown=pulsar:pulsar target/python-client/ /pulsar/pulsar-client
+ADD --chown=pulsar:pulsar target/cpp-client/ /pulsar/cpp-client
RUN echo networkaddress.cache.ttl=1 >>
$JAVA_HOME/jre/lib/security/java.security
RUN apt-get update \
&& apt install -y /pulsar/cpp-client/*.deb \
&& apt-get clean \
+ && chown -R pulsar:pulsar /pulsar/cpp-client/
&& rm -rf /var/lib/apt/lists/*
+# Start using the pulsar user to ensure container defaults to run as non root
user
+USER pulsar
+
+# Directories will have correct permission because we switched to the pulsar
user
+RUN mkdir /pulsar/conf /pulsar/data
Review comment:
@michaeljmarshall when the docker image is used in Kubernetes, the helm
chart will mount the disks to `/pulsar/data`. Does it change the permission?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
