diff --git a/docker-and-k8s-security/docker/Dockerfile.distroless b/docker-and-k8s-security/docker/Dockerfile.distroless
new file mode 100644
index 0000000..46e3a53
--- /dev/null
+++ b/docker-and-k8s-security/docker/Dockerfile.distroless
@@ -0,0 +1,24 @@
+### First Stage ###
+# Base Image
+FROM node:12-slim as build
+WORKDIR /usr/src/app
+
+# Install Dependencies
+COPY package*.json ./
+RUN npm install
+
+# Copy in the application we created
+COPY . .
+
+### Second Stage ###
+FROM gcr.io/distroless/nodejs:12
+
+# Copy App + Dependencies from Build Stage
+COPY --from=build /usr/src/app /usr/src/app
+WORKDIR /usr/src/app
+
+# Set User to Non-Root
+USER 1000
+
+# Run Server
+CMD [ "server.js" ]
\ No newline at end of file
diff --git a/docker-and-k8s-security/docker/Dockerfile.naive b/docker-and-k8s-security/docker/Dockerfile.naive
new file mode 100644
index 0000000..9178315
--- /dev/null
+++ b/docker-and-k8s-security/docker/Dockerfile.naive
@@ -0,0 +1,13 @@
+# Base Image
+FROM node:12-slim
+WORKDIR /usr/src/app
+
+# Install Dependencies
+COPY package*.json ./
+RUN npm install
+
+# Copy in Application
+COPY . .
+
+# Run Server
+CMD [ "server.js" ]
\ No newline at end of file
diff --git a/docker-and-k8s-security/docker/Dockerfile.non-root b/docker-and-k8s-security/docker/Dockerfile.non-root
new file mode 100644
index 0000000..05f0d8e
--- /dev/null
+++ b/docker-and-k8s-security/docker/Dockerfile.non-root
@@ -0,0 +1,16 @@
+# Base Image
+FROM node:12-slim
+WORKDIR /usr/src/app
+
+# Install Dependencies
+COPY package*.json ./
+RUN npm install
+
+# Copy in Application
+COPY . .
+
+# Set User to Non-Root
+USER node
+
+# Run Server
+CMD [ "server.js" ]
\ No newline at end of file
diff --git a/docker-and-k8s-security/docker/Makefile b/docker-and-k8s-security/docker/Makefile
new file mode 100644
index 0000000..22c027b
--- /dev/null
+++ b/docker-and-k8s-security/docker/Makefile
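Review bot: In Dockerfile.distroless the final stage's `COPY --from=build /usr/src/app /usr/src/app` carries over everything the build stage's `COPY . .` took from the build context, and this commit adds no `.dockerignore`, so the Dockerfiles, the Makefile and any local `.env` or host `node_modules` would end up in the hardened runtime image. Adding a `.dockerignore` next to these files, or copying only the files the server needs into the second stage, keeps the image to the application itself. Both `FROM` lines also use mutable tags (`node:12-slim`, `gcr.io/distroless/nodejs:12`); pinning each by digest, as in `FROM gcr.io/distroless/nodejs:12@sha256:<digest>`, would make rebuilds resolve to the same base. The `COPY . .` and tag points apply to Dockerfile.naive and Dockerfile.non-root as well.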
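Review bot: Dockerfile.naive does not say that it is (judging by its name) the insecure baseline for comparison: it has no `USER` instruction, so `server.js` runs as root inside the container, and nothing in the file warns against reusing it as a template. A header comment would make the intent explicit, for example `# Baseline for comparison only: no USER instruction, so the server runs as root.`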
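Review bot: `USER node` in Dockerfile.non-root names the account instead of giving its uid, and Kubernetes cannot verify a named user against `runAsNonRoot: true`, so a pod with that setting fails to start unless the pod spec also sets `runAsUser`. `USER 1000` keeps the same identity (the official node images create `node` with uid 1000) and matches what Dockerfile.distroless already uses. A comment above it such as `# numeric uid so runAsNonRoot can verify it` would record why.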
@@ -0,0 +1,20 @@
+run:
+ docker run -i -d -p 8080:8080 node-distroless
+
+build-naive:
+ docker build \
+ -f $(CURDIR)/Dockerfile.naive \
+ -t node-naive \
+ .
+
+build-non-root:
+ docker build \
+ -f $(CURDIR)/Dockerfile.non-root \
+ -t node-non-root \
+ .
+
+build-distroless:
+ docker build \
+ -f $(CURDIR)/Dockerfile.distroless \
+ -t node-distroless \
+ .
\ No newline at end of file
diff --git a/docker-and-k8s-security/docker/package.json b/docker-and-k8s-security/docker/package.json
new file mode 100644
index 0000000..389a7bd
--- /dev/null
+++ b/docker-and-k8s-security/docker/package.json
@@ -0,0 +1,11 @@
+{
+ "name": "hello-world",
+ "version": "1.0.0",
+ "description": "",
+ "main": "server.js",
+ "scripts": {
+ "test": "echo \"Error: no test specified\" && exit 1"
+ },
+ "author": "",
+ "license": "ISC"
+}
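Review bot: The Makefile's `run` target publishes the port with `-p 8080:8080`, which binds on every host interface, and it starts the container with Docker's default capability set. For a local demo of a hardened image, `docker run -i -d -p 127.0.0.1:8080:8080 --cap-drop=ALL --security-opt no-new-privileges node-distroless` keeps the service on loopback and shows the runtime side of the hardening. The targets are also not declared phony; `.PHONY: run build-naive build-non-root build-distroless` at the top avoids a clash with a file of the same name.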