fix: use non-root nginx image for Kubernetes runAsNonRoot compatibility
Switch from nginx:stable-alpine to nginxinc/nginx-unprivileged:stable-alpine. The unprivileged image runs as nginx user (UID 101) on port 8080, satisfying the runAsNonRoot: true security context in Kubernetes. Fixes: https://github.com/cartsnitch/infra/issues/65 Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
cartsnitch-engineer[bot]
committed by
GitHub
GitHub
parent
20ba7dbfff
commit
3be93961c7
+4
-4
@@ -9,13 +9,13 @@ RUN npm ci
|
||||
COPY . .
|
||||
RUN npm run build
|
||||
|
||||
# Stage 2: Production
|
||||
FROM nginx:stable-alpine AS prod
|
||||
# Stage 2: Production — uses nginxinc/nginx-unprivileged which runs as non-root (UID 101)
|
||||
FROM nginxinc/nginx-unprivileged:stable-alpine AS prod
|
||||
|
||||
COPY --from=build /app/dist /usr/share/nginx/html
|
||||
COPY nginx.conf /etc/nginx/conf.d/default.conf
|
||||
|
||||
EXPOSE 80
|
||||
EXPOSE 8080
|
||||
|
||||
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
|
||||
CMD wget -qO- http://localhost/health || exit 1
|
||||
CMD wget -qO- http://localhost:8080/health || exit 1
|
||||
|
||||
Reference in New Issue
Block a user