chore: creates and uses the non-privileged user iris in EPS Docker files

iris-connect / eps

Our endpoint system (eps) that manages and secures the communication between different actors in the IRIS connect ecosystem. Think of it as a distributed service mesh router as well as a decentralized message broker. Still evolving, use with caution.

https://iris-connect.github.io/eps/docs/

GNU Affero General Public License v3.0

12 stars 2 forks source link

chore: creates and uses the non-privileged user iris in EPS Docker files #17

Closed jekutzsche closed 3 years ago

jekutzsche commented 3 years ago

The applications are started in the container by a script under the user iris. Still as root, all directories and files under settings/ are assigned to this user beforehand so that the applications can use all files.

Refs iris-connect/iris-backlog#224

jekutzsche commented 3 years ago

I would like to present the solution for non-root EPS images for discussion. For the K8S environments, however, we still need a change to the scripts, since the mounts there are readonly but with suitable mode=0644.

adewes commented 3 years ago

LGTM!