From d4c7016937c12f3f01e53f2af69d406e614dee5a Mon Sep 17 00:00:00 2001 From: Stephan Schnabel Date: Tue, 5 Dec 2023 09:19:46 +0100 Subject: [PATCH] Refactored dockerfiles into one file (#138) --- .github/workflows/build.yaml | 21 +-- .github/workflows/ci.yaml | 6 +- pom.xml | 44 ++--- src/main/docker/Dockerfile | 164 +++++++++++++++++++ src/main/docker/base/Dockerfile | 9 - src/main/docker/{temurin => }/cache-ispn.xml | 0 src/main/docker/distroless-import/Dockerfile | 27 --- src/main/docker/distroless/Dockerfile | 37 ----- src/main/docker/temurin-import/Dockerfile | 26 --- src/main/docker/temurin/Dockerfile | 38 ----- src/test/k3s/test/keycloak/statefulset.yaml | 9 +- 11 files changed, 195 insertions(+), 186 deletions(-) create mode 100644 src/main/docker/Dockerfile delete mode 100644 src/main/docker/base/Dockerfile rename src/main/docker/{temurin => }/cache-ispn.xml (100%) delete mode 100644 src/main/docker/distroless-import/Dockerfile delete mode 100644 src/main/docker/distroless/Dockerfile delete mode 100644 src/main/docker/temurin-import/Dockerfile delete mode 100644 src/main/docker/temurin/Dockerfile diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 2bdfa89..12a6b37 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -19,7 +19,7 @@ jobs: - run: echo "timestamp=`date +"%Y%m%d-%H%M%S"`" >> $GITHUB_ENV - run: echo "version=`mvn help:evaluate -Dexpression=version.org.keycloak -DforceStdout -q`" >> $GITHUB_ENV - run: echo "major=`mvn help:evaluate -Dexpression=version.org.keycloak -DforceStdout -q | cut -d. -f1`" >> $GITHUB_ENV - - run: mvn -B -ntp prepare-package -Dimage.tag=${{ env.version }}-${{ env.timestamp }} + - run: mvn -B -ntp prepare-package -Dcheck.skip -Dimage.tag=${{ env.version }}-${{ env.timestamp }} - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 - name: docker/login-action docker.io 
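Review bot: The changed `mvn` step still expands `${{ env.version }}` and `${{ env.timestamp }}` into the script text before the shell runs, so whatever `mvn help:evaluate` wrote into `GITHUB_ENV` is parsed as shell source rather than passed as data. Both values are already exported to the step's environment, so the line can read them as quoted shell variables: `- run: mvn -B -ntp prepare-package -Dcheck.skip -Dimage.tag="${version}-${timestamp}"`. The hunk also does not say what `-Dcheck.skip` turns off. A one-line comment above the step, for example `# checks run in ci.yaml; skipped here for the release build` (if that is the intent), would make clear that the job pushing images is not the one validating them. The job's step list starts and ends outside this hunk.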
@@ -102,38 +102,35 @@ jobs: ${{ env.version }}-${{ env.timestamp }}-distroless-import ${{ env.major }}-distroless-import ${{ env.major }}-${{ env.timestamp }}-distroless-import - - name: docker/build-push-action base - uses: docker/build-push-action@v5 - with: - context: target/docker/base - push: true - platforms: linux/amd64,linux/arm64 - tags: docker.io/kokuwaio/keycloak:${{ env.version }}-${{ env.timestamp }}-base - name: docker/build-push-action temurin uses: docker/build-push-action@v5 with: - context: target/docker/temurin + context: target/docker push: true platforms: linux/amd64,linux/arm64 tags: ${{ steps.temurin.outputs.tags }} + target: temurin - name: docker/build-push-action temurin-import uses: docker/build-push-action@v5 with: - context: target/docker/temurin-import + context: target/docker push: true platforms: linux/amd64,linux/arm64 tags: ${{ steps.temurin-import.outputs.tags }} + target: temurin-import - name: docker/build-push-action distroless uses: docker/build-push-action@v5 with: - context: target/docker/distroless + context: target/docker push: true platforms: linux/amd64 tags: ${{ steps.distroless.outputs.tags }} + target: distroless - name: docker/build-push-action distroless-import uses: docker/build-push-action@v5 with: - context: target/docker/distroless-import + context: target/docker push: true platforms: linux/amd64 tags: ${{ steps.distroless-import.outputs.tags }} + target: distroless-import diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 6d801d6..9fe8ec4 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -34,15 +34,11 @@ jobs: dockerfile: runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - context: [base, temurin, temurin-import, distroless, distroless-import] steps: - uses: actions/checkout@v4 - uses: hadolint/hadolint-action@v3.1.0 with: - dockerfile: src/main/docker/${{ matrix.context }}/Dockerfile + dockerfile: src/main/docker/Dockerfile verify: runs-on: ubuntu-latest diff --git a/pom.xml b/pom.xml index b04a5a9..6e8019b 100644 --- a/pom.xml +++ b/pom.xml @@ -169,13 +169,13 @@ keycloak-quarkus-dist ${version.org.keycloak} tar.gz - ${project.build.directory}/docker/base + ${project.build.directory}/docker io.kokuwa.keycloak keycloak-event-metrics ${version.io.kokuwa.keycloak.metrics} - ${project.build.directory}/docker/temurin + ${project.build.directory}/docker @@ -246,21 +246,6 @@ org.codehaus.mojo exec-maven-plugin - - docker-base - package - - exec - - - - build - --tag - ${image.name}:${image.tag}-base - base - - - docker-temurin package @@ -270,9 +255,9 @@ build - --tag - ${image.name}:${image.tag}-temurin - temurin + ${project.build.directory}/docker + --tag=${image.name}:${image.tag}-temurin + --target=temurin @@ -285,9 +270,9 @@ build - --tag - ${image.name}:${image.tag}-temurin-import - temurin-import + ${project.build.directory}/docker + --tag=${image.name}:${image.tag}-temurin-import + --target=temurin-import @@ -300,9 +285,9 @@ build - --tag - ${image.name}:${image.tag}-distroless - distroless + ${project.build.directory}/docker + --tag=${image.name}:${image.tag}-distroless + --target=distroless @@ -315,16 +300,15 @@ build - --tag - ${image.name}:${image.tag}-distroless-import - distroless-import + ${project.build.directory}/docker + --tag=${image.name}:${image.tag}-distroless-import + --target=distroless-import docker - ${project.build.directory}/docker diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile new file mode 100644 index 0000000..3739368 --- /dev/null +++ b/src/main/docker/Dockerfile 
@@ -0,0 +1,164 @@
+FROM docker.io/library/debian:stable-slim AS keycloak
+ARG VERSION=${version.org.keycloak}
+ADD keycloak-quarkus-dist-$VERSION.tar.gz /tmp
+RUN mv "/tmp/keycloak-$VERSION" /app && rm -rf /app/bin/client /app/bin/*.bat
+
+FROM docker.io/eclipse-temurin:${maven.compiler.target}-jre AS keycloak-runtime
+# https://www.keycloak.org/server/all-config
+ENV \
+ KC_DB=postgres \
+ KC_CACHE=ispn \
+ KC_CACHE_STACK=kubernetes \
+ KC_CACHE_DNS=keycloak-headless \
+ KC_CACHE_OWNERS=2 \
+ KC_HEALTH_ENABLED=true \
+ KC_METRICS_ENABLED=true \
+ KC_METRICS_EVENT_REPLACE_IDS=true \
+ KC_METRICS_STATS_ENABLED=true \
+ URI_METRICS_ENABLED=false \
+ URI_METRICS_DETAILED=false \
+ KC_PROXY=edge \
+ KC_LOG_CONSOLE_OUTPUT=json
+COPY --from=keycloak /app /app
+COPY cache-ispn.xml /app/conf/cache-ispn.xml
+COPY keycloak-event-metrics-${version.io.kokuwa.keycloak.metrics}.jar /app/providers/metrics-spi.jar
+RUN java -Dkc.home.dir=/app -jar /app/lib/quarkus-run.jar build
+
+FROM docker.io/eclipse-temurin:${maven.compiler.target}-jre AS keycloak-import
+ENV KC_DB=postgres KC_CACHE=local KC_LOG_CONSOLE_OUTPUT=json
+COPY --from=keycloak /app /app
+RUN java -Dkc.home.dir=/app -jar /app/lib/quarkus-run.jar build
+
+###
+### Temurin
+###
+
+FROM docker.io/eclipse-temurin:${maven.compiler.target}-jre AS temurin
+
+# https://github.com/opencontainers/image-spec/blob/main/annotations.md
+LABEL org.opencontainers.image.title ${project.name}
+LABEL org.opencontainers.image.description ${project.description}
+LABEL org.opencontainers.image.url ${project.url}
+LABEL org.opencontainers.image.source ${project.url}/src/main/docker/Dockerfile
+LABEL org.opencontainers.image.vendor ${project.organization.name}
+LABEL org.opencontainers.image.authors https://github.com/orgs/kokuwaio/people
+LABEL org.opencontainers.image.licenses Apache-2.0
+LABEL org.opencontainers.image.version ${version.org.keycloak}
+LABEL org.opencontainers.image.created ${git.build.time}
+LABEL org.opencontainers.image.revision ${git.commit.id}
+LABEL org.opencontainers.image.ref.name ${image.tag}-temurin
+LABEL org.opencontainers.image.base.name docker.io/eclipse-temurin:${maven.compiler.target}-jre
+
+# https://www.keycloak.org/server/all-config
+ENV \
+ KC_DB=postgres \
+ KC_CACHE=ispn \
+ KC_CACHE_STACK=kubernetes \
+ KC_CACHE_DNS=keycloak-headless \
+ KC_CACHE_OWNERS=2 \
+ KC_HEALTH_ENABLED=true \
+ KC_METRICS_ENABLED=true \
+ KC_METRICS_EVENT_REPLACE_IDS=true \
+ KC_METRICS_STATS_ENABLED=true \
+ URI_METRICS_ENABLED=false \
+ URI_METRICS_DETAILED=false \
+ KC_PROXY=edge \
+ KC_LOG_CONSOLE_OUTPUT=json
+
+COPY --from=keycloak-runtime /app /app
+ENTRYPOINT ["java", "-XX:+ExitOnOutOfMemoryError", "-Dkc.home.dir=/app", "-Djgroups.dns.query=${KC_CACHE_DNS}", "-jar", "/app/lib/quarkus-run.jar"]
+CMD ["start", "--optimized"]
+
+###
+### Temurin Import
+###
+
+FROM docker.io/eclipse-temurin:${maven.compiler.target}-jre AS temurin-import
+
+# https://github.com/opencontainers/image-spec/blob/main/annotations.md
+LABEL org.opencontainers.image.title ${project.name}
+LABEL org.opencontainers.image.description ${project.description}
+LABEL org.opencontainers.image.url ${project.url}
+LABEL org.opencontainers.image.source ${project.url}/src/main/docker/Dockerfile
+LABEL org.opencontainers.image.vendor ${project.organization.name}
+LABEL org.opencontainers.image.authors https://github.com/orgs/kokuwaio/people
+LABEL org.opencontainers.image.licenses Apache-2.0
+LABEL org.opencontainers.image.version ${version.org.keycloak}
+LABEL org.opencontainers.image.created ${git.build.time}
+LABEL org.opencontainers.image.revision ${git.commit.id}
+LABEL org.opencontainers.image.ref.name ${image.tag}-temurin-import
+LABEL org.opencontainers.image.base.name docker.io/eclipse-temurin:${maven.compiler.target}-jre
+
+# https://www.keycloak.org/server/all-config
+ENV KC_DB=postgres KC_CACHE=local KC_LOG_CONSOLE_OUTPUT=json
+
+COPY --from=keycloak-import /app /app
+ENTRYPOINT ["java", "-XX:+ExitOnOutOfMemoryError", "-Dkc.home.dir=/app", "-jar", "/app/lib/quarkus-run.jar"]
+CMD ["import", "--dir=/realms"]
+
+###
+### Distroless
+###
+
+FROM gcr.io/distroless/java${maven.compiler.target}:nonroot AS distroless
+
+# https://github.com/opencontainers/image-spec/blob/main/annotations.md
+LABEL org.opencontainers.image.title ${project.name}
+LABEL org.opencontainers.image.description ${project.description}
+LABEL org.opencontainers.image.url ${project.url}
+LABEL org.opencontainers.image.source ${project.url}/src/main/docker/Dockerfile
+LABEL org.opencontainers.image.vendor ${project.organization.name}
+LABEL org.opencontainers.image.authors https://github.com/orgs/kokuwaio/people
+LABEL org.opencontainers.image.licenses Apache-2.0
+LABEL org.opencontainers.image.version ${version.org.keycloak}
+LABEL org.opencontainers.image.created ${git.build.time}
+LABEL org.opencontainers.image.revision ${git.commit.id}
+LABEL org.opencontainers.image.ref.name ${image.tag}-distroless
+LABEL org.opencontainers.image.base.name gcr.io/distroless/java${maven.compiler.target}:nonroot
+
+# https://www.keycloak.org/server/all-config
+ENV \
+ KC_DB=postgres \
+ KC_CACHE=ispn \
+ KC_CACHE_STACK=kubernetes \
+ KC_CACHE_DNS=keycloak-headless \
+ KC_CACHE_OWNERS=2 \
+ KC_HEALTH_ENABLED=true \
+ KC_METRICS_ENABLED=true \
+ KC_METRICS_EVENT_REPLACE_IDS=true \
+ KC_METRICS_STATS_ENABLED=true \
+ URI_METRICS_ENABLED=false \
+ URI_METRICS_DETAILED=false \
+ KC_PROXY=edge \
+ KC_LOG_CONSOLE_OUTPUT=json
+
+COPY --from=keycloak-runtime /app /app
+ENTRYPOINT ["java", "-XX:+ExitOnOutOfMemoryError", "-Dkc.home.dir=/app", "-Djgroups.dns.query=${KC_CACHE_DNS}", "-jar", "/app/lib/quarkus-run.jar"]
+CMD ["start", "--optimized"]
+
+###
+### Distroless Import
+###
+
+FROM gcr.io/distroless/java${maven.compiler.target}:nonroot AS distroless-import
+
+# https://github.com/opencontainers/image-spec/blob/main/annotations.md
+LABEL org.opencontainers.image.title ${project.name}
+LABEL org.opencontainers.image.description ${project.description}
+LABEL org.opencontainers.image.url ${project.url}
+LABEL org.opencontainers.image.source ${project.url}/src/main/docker/Dockerfile
+LABEL org.opencontainers.image.vendor ${project.organization.name}
+LABEL org.opencontainers.image.authors https://github.com/orgs/kokuwaio/people
+LABEL org.opencontainers.image.licenses Apache-2.0
+LABEL org.opencontainers.image.version ${version.org.keycloak}
+LABEL org.opencontainers.image.created ${git.build.time}
+LABEL org.opencontainers.image.revision ${git.commit.id}
+LABEL org.opencontainers.image.ref.name ${image.tag}-distroless-import
+LABEL org.opencontainers.image.base.name gcr.io/distroless/java${maven.compiler.target}:nonroot
+
+# https://www.keycloak.org/server/all-config
+ENV KC_DB=postgres KC_CACHE=local KC_LOG_CONSOLE_OUTPUT=json
+
+COPY --from=keycloak-import /app /app
+ENTRYPOINT ["java", "-XX:+ExitOnOutOfMemoryError", "-Dkc.home.dir=/app", "-jar", "/app/lib/quarkus-run.jar"]
+CMD ["import", "--dir=/realms"]
diff --git a/src/main/docker/base/Dockerfile b/src/main/docker/base/Dockerfile
deleted file mode 100644
index afc3e80..0000000
--- a/src/main/docker/base/Dockerfile
+++ /dev/null
@@ -1,9 +0,0 @@
-FROM docker.io/eclipse-temurin:${maven.compiler.target}-jre
-
-# update and remove unsed software
-ENV DEBIAN_FRONTEND=noninteractive
-RUN apt-get -qq purge wget curl && apt-get -qq autoremove --yes --purge
-
-ARG VERSION=${version.org.keycloak}
-ADD keycloak-quarkus-dist-$VERSION.tar.gz /tmp
-RUN mv /tmp/keycloak-$VERSION /app && rm -rf /app/bin && chmod -R ugo+r /app
diff --git a/src/main/docker/temurin/cache-ispn.xml b/src/main/docker/cache-ispn.xml
similarity index 100%
rename from src/main/docker/temurin/cache-ispn.xml
rename to src/main/docker/cache-ispn.xml
diff --git a/src/main/docker/distroless-import/Dockerfile b/src/main/docker/distroless-import/Dockerfile
deleted file mode 100644
index 70ffaff..0000000
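Review bot: In the new src/main/docker/Dockerfile the `temurin` and `temurin-import` final stages set no `USER`, so those images run as the base image's default user (root for the eclipse-temurin base as far as I know, worth confirming) unless the deployment overrides it, while the two distroless stages inherit `:nonroot`. Adding `USER 1000:1000` before each `ENTRYPOINT` in those two stages would match the `runAsUser: 1000` this commit sets in statefulset.yaml. The deleted base/Dockerfile also purged `wget` and `curl` and removed all of `/app/bin`, whereas the new `temurin` stages start from the unmodified JRE image and the `keycloak` stage keeps the shell scripts in `/app/bin`, so the shipped image carries more tooling than before. The runtime `ENV` block is repeated in `keycloak-runtime`, `temurin` and `distroless`. A comment such as `# keep in sync with keycloak-runtime: options are baked in by "build" and read again by "start --optimized"` would help keep the copies aligned.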
--- a/src/main/docker/distroless-import/Dockerfile +++ /dev/null @@ -1,27 +0,0 @@ -FROM gcr.io/distroless/java${maven.compiler.target}:nonroot - -# https://github.com/opencontainers/image-spec/blob/main/annotations.md -LABEL org.opencontainers.image.title ${project.name} -LABEL org.opencontainers.image.description ${project.description} -LABEL org.opencontainers.image.url ${project.url} -LABEL org.opencontainers.image.source ${project.url}/src/main/docker/Dockerfile -LABEL org.opencontainers.image.vendor ${project.organization.name} -LABEL org.opencontainers.image.authors https://github.com/orgs/kokuwaio/people -LABEL org.opencontainers.image.licenses Apache-2.0 -LABEL org.opencontainers.image.version ${version.org.keycloak} -LABEL org.opencontainers.image.created ${git.build.time} -LABEL org.opencontainers.image.revision ${git.commit.id} -LABEL org.opencontainers.image.ref.name ${image.tag}-distroless-import -LABEL org.opencontainers.image.base.name gcr.io/distroless/java${maven.compiler.target}:nonroot - -# https://www.keycloak.org/server/all-config -ENV \ - KC_DB=postgres \ - KC_CACHE=local \ - KC_LOG_CONSOLE_COLOR=false \ - KC_LOG_CONSOLE_OUTPUT=json - -# hadolint ignore=DL3022 -COPY --from=kokuwaio/keycloak:${image.tag}-temurin-import /app /app -ENTRYPOINT ["java","-XX:+ExitOnOutOfMemoryError","-jar","/app/lib/quarkus-run.jar"] -CMD ["import", "--dir=/realms"] diff --git a/src/main/docker/distroless/Dockerfile b/src/main/docker/distroless/Dockerfile deleted file mode 100644 index 66f3d30..0000000 --- a/src/main/docker/distroless/Dockerfile +++ /dev/null 
@@ -1,37 +0,0 @@ -FROM gcr.io/distroless/java${maven.compiler.target}:nonroot - -# https://github.com/opencontainers/image-spec/blob/main/annotations.md -LABEL org.opencontainers.image.title ${project.name} -LABEL org.opencontainers.image.description ${project.description} -LABEL org.opencontainers.image.url ${project.url} -LABEL org.opencontainers.image.source ${project.url}/src/main/docker/Dockerfile -LABEL org.opencontainers.image.vendor ${project.organization.name} -LABEL org.opencontainers.image.authors https://github.com/orgs/kokuwaio/people -LABEL org.opencontainers.image.licenses Apache-2.0 -LABEL org.opencontainers.image.version ${version.org.keycloak} -LABEL org.opencontainers.image.created ${git.build.time} -LABEL org.opencontainers.image.revision ${git.commit.id} -LABEL org.opencontainers.image.ref.name ${image.tag}-distroless -LABEL org.opencontainers.image.base.name gcr.io/distroless/java${maven.compiler.target}:nonroot - -# https://www.keycloak.org/server/all-config -ENV \ - KC_DB=postgres \ - KC_CACHE=ispn \ - KC_CACHE_STACK=kubernetes \ - KC_CACHE_DNS=keycloak-headless \ - KC_CACHE_OWNERS=2 \ - KC_HEALTH_ENABLED=true \ - KC_METRICS_ENABLED=true \ - KC_METRICS_EVENT_REPLACE_IDS=true \ - KC_METRICS_STATS_ENABLED=true \ - URI_METRICS_ENABLED=false \ - URI_METRICS_DETAILED=false \ - KC_PROXY=edge \ - KC_LOG_CONSOLE_COLOR=false \ - KC_LOG_CONSOLE_OUTPUT=json - -# hadolint ignore=DL3022 -COPY --from=kokuwaio/keycloak:${image.tag}-temurin /app /app -ENTRYPOINT ["java", "--add-opens", "java.base/java.util=ALL-UNNAMED", "-XX:+ExitOnOutOfMemoryError", "-Djgroups.dns.query=${KC_CACHE_DNS}","-jar","/app/lib/quarkus-run.jar"] -CMD ["start", "--optimized"] diff --git a/src/main/docker/temurin-import/Dockerfile b/src/main/docker/temurin-import/Dockerfile deleted file mode 100644 index c803c85..0000000 --- a/src/main/docker/temurin-import/Dockerfile +++ /dev/null 
@@ -1,26 +0,0 @@ -FROM kokuwaio/keycloak:${image.tag}-base - -# https://github.com/opencontainers/image-spec/blob/main/annotations.md -LABEL org.opencontainers.image.title ${project.name} -LABEL org.opencontainers.image.description ${project.description} -LABEL org.opencontainers.image.url ${project.url} -LABEL org.opencontainers.image.source ${project.url}/src/main/docker/Dockerfile -LABEL org.opencontainers.image.vendor ${project.organization.name} -LABEL org.opencontainers.image.authors https://github.com/orgs/kokuwaio/people -LABEL org.opencontainers.image.licenses Apache-2.0 -LABEL org.opencontainers.image.version ${version.org.keycloak} -LABEL org.opencontainers.image.created ${git.build.time} -LABEL org.opencontainers.image.revision ${git.commit.id} -LABEL org.opencontainers.image.ref.name ${image.tag}-temurin-import -LABEL org.opencontainers.image.base.name docker.io/eclipse-temurin:${maven.compiler.target}-jre - -# https://www.keycloak.org/server/all-config -ENV \ - KC_DB=postgres \ - KC_CACHE=local \ - KC_LOG_CONSOLE_COLOR=false \ - KC_LOG_CONSOLE_OUTPUT=json - -RUN java -Dkc.home.dir=/app -jar /app/lib/quarkus-run.jar build -ENTRYPOINT ["java","-XX:+ExitOnOutOfMemoryError","-jar","/app/lib/quarkus-run.jar"] -CMD ["import", "--dir=/realms"] diff --git a/src/main/docker/temurin/Dockerfile b/src/main/docker/temurin/Dockerfile deleted file mode 100644 index b701928..0000000 --- a/src/main/docker/temurin/Dockerfile +++ /dev/null 
@@ -1,38 +0,0 @@ -FROM kokuwaio/keycloak:${image.tag}-base - -# https://github.com/opencontainers/image-spec/blob/main/annotations.md -LABEL org.opencontainers.image.title ${project.name} -LABEL org.opencontainers.image.description ${project.description} -LABEL org.opencontainers.image.url ${project.url} -LABEL org.opencontainers.image.source ${project.url}/src/main/docker/Dockerfile -LABEL org.opencontainers.image.vendor ${project.organization.name} -LABEL org.opencontainers.image.authors https://github.com/orgs/kokuwaio/people -LABEL org.opencontainers.image.licenses Apache-2.0 -LABEL org.opencontainers.image.version ${version.org.keycloak} -LABEL org.opencontainers.image.created ${git.build.time} -LABEL org.opencontainers.image.revision ${git.commit.id} -LABEL org.opencontainers.image.ref.name ${image.tag}-temurin -LABEL org.opencontainers.image.base.name docker.io/eclipse-temurin:${maven.compiler.target}-jre - -# https://www.keycloak.org/server/all-config -ENV \ - KC_DB=postgres \ - KC_CACHE=ispn \ - KC_CACHE_STACK=kubernetes \ - KC_CACHE_DNS=keycloak-headless \ - KC_CACHE_OWNERS=2 \ - KC_HEALTH_ENABLED=true \ - KC_METRICS_ENABLED=true \ - KC_METRICS_EVENT_REPLACE_IDS=true \ - KC_METRICS_STATS_ENABLED=true \ - URI_METRICS_ENABLED=false \ - URI_METRICS_DETAILED=false \ - KC_PROXY=edge \ - KC_LOG_CONSOLE_COLOR=false \ - KC_LOG_CONSOLE_OUTPUT=json - -COPY cache-ispn.xml /tmp/keycloak-${version.org.keycloak}/conf/cache-ispn.xml -COPY keycloak-event-metrics-${version.io.kokuwa.keycloak.metrics}.jar /app/providers/metrics-spi.jar -RUN java -Dkc.home.dir=/app -jar /app/lib/quarkus-run.jar build -ENTRYPOINT ["java", "--add-opens", "java.base/java.util=ALL-UNNAMED", "-XX:+ExitOnOutOfMemoryError", "-Djgroups.dns.query=${KC_CACHE_DNS}","-jar","/app/lib/quarkus-run.jar"] -CMD ["start", "--optimized"] diff --git a/src/test/k3s/test/keycloak/statefulset.yaml b/src/test/k3s/test/keycloak/statefulset.yaml index 8f549ae..5c035f9 100644 
--- a/src/test/k3s/test/keycloak/statefulset.yaml +++ b/src/test/k3s/test/keycloak/statefulset.yaml @@ -49,8 +49,8 @@ spec: path: /health/live port: http securityContext: - runAsUser: 10001 - runAsGroup: 10001 + runAsUser: 1000 + runAsGroup: 1000 runAsNonRoot: true readOnlyRootFilesystem: true privileged: false @@ -58,10 +58,15 @@ spec: capabilities: drop: [ALL] volumeMounts: + - name: data + mountPath: /app/data - name: tmp mountPath: /tmp + enableServiceLinks: false automountServiceAccountToken: false terminationGracePeriodSeconds: 10 volumes: + - name: data + emptyDir: {} - name: tmp emptyDir: {}
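Review bot: The new `data` volume in the second hunk is an `emptyDir: {}` with no `sizeLimit`, and it is a second writable mount in a container that otherwise runs with `readOnlyRootFilesystem: true`. A bound such as `emptyDir: { sizeLimit: 64Mi }` (the value is an example) keeps a runaway write from consuming node ephemeral storage. The hunk does not say why `/app/data` must be writable, so a comment above the mount, e.g. `# writable because the root filesystem is read-only and Keycloak writes under /app/data` (if that is the reason), would help anyone copying this manifest. The `runAsUser`/`runAsGroup` change from 10001 to 1000 in the first hunk is also unexplained, and the visible Dockerfile defines no user with that id. The container spec starts and ends outside both hunks.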