Merge pull request #191 from snyk/fix/revert-secure-config

ivanstanev · web-flow · commit 0b05aee9d3f8 · 2019-11-01T17:48:29.000Z
feat: Revert "Merge pull request #188 from snyk/feat/update-secure-config"
diff --git a/Dockerfile b/Dockerfile
@@ -29,29 +29,25 @@ LABEL maintainer="Snyk Ltd"
 
 ENV NODE_ENV production
 
-RUN apk update
-RUN apk upgrade
-RUN apk --no-cache add db
-
-RUN addgroup -S -g 10001 snyk
-RUN adduser -S -G snyk -h /srv/app -u 10001 snyk
+COPY --from=skopeo-build /usr/bin/skopeo /usr/bin/skopeo
+COPY --from=skopeo-build /etc/containers/registries.d/default.yaml /etc/containers/registries.d/default.yaml
+COPY --from=skopeo-build /etc/containers/policy.json /etc/containers/policy.json
 
-WORKDIR /srv/app
-USER snyk:snyk
+RUN apk --no-cache add db
+COPY --from=rpmdb-build /go/src/github.com/snyk/go-rpmdb/rpmdb /usr/bin/rpmdb
 
-COPY --chown=snyk:snyk --from=skopeo-build /usr/bin/skopeo /usr/bin/skopeo
-COPY --chown=snyk:snyk --from=skopeo-build /etc/containers/registries.d/default.yaml /etc/containers/registries.d/default.yaml
-COPY --chown=snyk:snyk --from=skopeo-build /etc/containers/policy.json /etc/containers/policy.json
+RUN apk update
+RUN apk upgrade
 
-COPY --chown=snyk:snyk --from=rpmdb-build /go/src/github.com/snyk/go-rpmdb/rpmdb /usr/bin/rpmdb
+WORKDIR /root
 
 # Add manifest files and install before adding anything else to take advantage of layer caching
-ADD --chown=snyk:snyk package.json package-lock.json .snyk ./
+ADD package.json package-lock.json .snyk ./
 
 RUN npm install
 
 # add the rest of the app files
-ADD --chown=snyk:snyk . .
+ADD . .
 
 # Complete any `prepare` tasks (e.g. typescript), as this step ran automatically prior to app being copied
 RUN npm run prepare
diff --git a/snyk-monitor-deployment.yaml b/snyk-monitor-deployment.yaml
@@ -57,16 +57,6 @@ spec:
           limits:
             cpu: '1'
             memory: '2Gi'
-        securityContext:
-            runAsUser: 10001
-            runAsGroup: 10001
-            privileged: false
-            runAsNonRoot: true
-            allowPrivilegeEscalation: false
-            readOnlyRootFilesystem: false
-            capabilities:
-              drop:
-                - ALL
       securityContext: {}
       volumes:
       - name: docker-config
diff --git a/snyk-monitor/templates/deployment.yaml b/snyk-monitor/templates/deployment.yaml
@@ -51,16 +51,6 @@ spec:
             limits:
               cpu: '1'
               memory: '2Gi'
-          securityContext:
-            runAsUser: 10001
-            runAsGroup: 10001
-            privileged: false
-            runAsNonRoot: true
-            allowPrivilegeEscalation: false
-            readOnlyRootFilesystem: false
-            capabilities:
-              drop:
-                - ALL
       volumes:
         - name: docker-config
           secret:
diff --git a/test/unit/deployment-files.test.ts b/test/unit/deployment-files.test.ts
