nasa-jpl / ASSESS
Automatic Semantic Search Engine for Suitable Standards
fixing up the docker env #84 (Closed)
philipsoutham closed 3 years ago
philipsoutham commented 3 years ago
- Locking down the containers by restricting all and explicitly allowing kernel capabilities.
- Making containers `read_only` when base image allows (some poorly built ones do not)
- Also explicitly defining volumes where data should be stored/mutated.
- Making sure uid is not root when we can
- Defining configuration values in environment variables
- Taking the stuff from `tiangolo/uvicorn-gunicorn-fastapi:python3.7` that makes it special and building our own image from the official python base image
- using the official redis base image
- adding tmpfs to fastapi
- removing exposed ports that didn't need to be exposed
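
An added example, not code from this PR or the ASSESS repository: a small audit that checks compose service definitions against the hardening steps listed above. The service names, the `example/api` image, uids, paths and ports are constructed for illustration; the dicts mirror the keys of a compose file's `services:` section.

```python
"""Audit compose services for: cap_drop ALL, read_only, non-root user, published ports."""

def audit_service(name, svc, may_publish=False):
    """Return findings for one service, given as a dict of compose keys."""
    findings = []
    # Restrict all capabilities first; needed ones are allowed back via cap_add.
    if "ALL" not in [str(c).upper() for c in svc.get("cap_drop", [])]:
        findings.append("cap_drop does not include ALL")
    # Root filesystem read-only; mutable data belongs in volumes or tmpfs.
    if svc.get("read_only") is not True:
        findings.append("read_only is not enabled")
    # "user" may be "uid", "uid:gid" or a name; unset leaves the image default.
    uid = str(svc.get("user", "")).split(":")[0]
    if uid in ("", "0", "root"):
        findings.append("user is unset or root")
    # Only services meant to be reachable from the host should publish ports.
    if svc.get("ports") and not may_publish:
        findings.append(f"publishes host ports {svc['ports']}")
    return [f"{name}: {f}" for f in findings]

def audit(services, public=()):
    """Audit every service; `public` names the services allowed to publish ports."""
    out = []
    for name, svc in services.items():
        out += audit_service(name, svc, may_publish=name in public)
    return out

# Constructed sample input (hypothetical values, not the project's compose file).
BEFORE = {
    "api": {"image": "example/api", "ports": ["8080:8000"]},
    "redis": {"image": "redis", "ports": ["6379:6379"]},
}
AFTER = {
    "api": {"image": "example/api", "cap_drop": ["ALL"], "read_only": True,
            "tmpfs": ["/tmp"], "user": "1000:1000",
            "environment": {"REDIS_HOST": "redis"}, "ports": ["8080:8000"]},
    "redis": {"image": "redis", "cap_drop": ["ALL"], "read_only": True,
              "user": "999:999", "volumes": ["redis-data:/data"]},
}

if __name__ == "__main__":
    for label, services in (("before", BEFORE), ("after", AFTER)):
        print(label)
        for line in audit(services, public={"api"}) or ["no findings"]:
            print("  " + line)
```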