From 6b834914c7bec702998f9a66372f940505eb44a0 Mon Sep 17 00:00:00 2001
From: Sakari Hoisko
Date: Mon, 15 Feb 2021 11:20:18 +0200
Subject: [PATCH 1/6] Distroless container image created

---
 Dockerfile_distroless | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 Dockerfile_distroless

diff --git a/Dockerfile_distroless b/Dockerfile_distroless
new file mode 100644
index 0000000..ad974e7
--- /dev/null
+++ b/Dockerfile_distroless
@@ -0,0 +1,19 @@
+FROM python:3.7-slim AS build
+COPY requirements.txt /tmp/requirements.txt
+RUN set -xe && \
+ echo $(echo BUILD_TIME_ALPINE_VERSION: && /bin/cat /etc/alpine-release) && \
+ pip install -r /tmp/requirements.txt && \
+ mkdir /app
+COPY ./entrypoint.sh /app/entrypoint.sh
+COPY k8sci/ /app/k8sci/
+
+### INFO:
+# What is distroless: https://medium.com/better-programming/how-to-harden-your-containers-with-distroless-docker-images-c2abd7c71fdb
+# Google Base Images: https://github.com/GoogleContainerTools/distroless/
+FROM gcr.io/distroless/python3-debian10
+COPY --from=build /app /app
+COPY --from=build /usr/local/bin/gunicorn /app/gunicorn
+COPY --from=build /usr/local/lib/python3.7/site-packages /usr/local/lib/python3.7/site-packages
+WORKDIR /app
+ENV PYTHONPATH=/usr/local/lib/python3.7/site-packages PYTHONUNBUFFERED=TRUE
+CMD ["gunicorn","--bind","0.0.0.0:5000","--enable-stdio-inheritance","--error-logfile","-","k8sci.wsgi:app"]
\ No newline at end of file

From be1514e5ce96837cdf5ff6e00afbd7568b61b729 Mon Sep 17 00:00:00 2001
From: Sakari Hoisko
Date: Mon, 15 Feb 2021 11:47:13 +0200
Subject: [PATCH 2/6] Removed not needed lines

---
 Dockerfile_distroless | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/Dockerfile_distroless b/Dockerfile_distroless
index ad974e7..2e84d06 100644
--- a/Dockerfile_distroless
+++ b/Dockerfile_distroless
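Review bot: The build stage is `python:3.7-slim`, a Debian image, so `/bin/cat /etc/alpine-release` in the `RUN` cannot succeed; because the failure happens inside `$(...)`, `set -e` does not stop the build and the step only prints an error and an empty version string. Drop that line or read `/etc/os-release` instead. The final stage has no `USER`, so gunicorn runs as root in the distroless image; `gcr.io/distroless/python3-debian10` provides a `nonroot` user that can be selected with `USER nonroot` (or the image's `:nonroot` tag variant). The copy of `gunicorn` into `/app/gunicorn` paired with the exec-form `CMD ["gunicorn", ...]` presumably relies on the base image's Python entrypoint picking the console script up from `WORKDIR`; that is non-obvious and deserves a comment such as `# distroless has no shell or PATH lookup: the gunicorn console script is placed in WORKDIR so the image's python entrypoint runs it` — confirm against the base image's ENTRYPOINT.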
@@ -1,17 +1,14 @@
-FROM python:3.7-slim AS build
+FROM python:3.7-slim AS build
 COPY requirements.txt /tmp/requirements.txt
-RUN set -xe && \
- echo $(echo BUILD_TIME_ALPINE_VERSION: && /bin/cat /etc/alpine-release) && \
- pip install -r /tmp/requirements.txt && \
- mkdir /app
-COPY ./entrypoint.sh /app/entrypoint.sh
-COPY k8sci/ /app/k8sci/
+RUN set -xe && \
+ echo $(echo BUILD_TIME_ALPINE_VERSION: && /bin/cat /etc/alpine-release) && \
+ pip install -r /tmp/requirements.txt
 
 ### INFO:
 # What is distroless: https://medium.com/better-programming/how-to-harden-your-containers-with-distroless-docker-images-c2abd7c71fdb
 # Google Base Images: https://github.com/GoogleContainerTools/distroless/
 FROM gcr.io/distroless/python3-debian10
-COPY --from=build /app /app
+COPY k8sci/ /app/k8sci/
 COPY --from=build /usr/local/bin/gunicorn /app/gunicorn
 COPY --from=build /usr/local/lib/python3.7/site-packages /usr/local/lib/python3.7/site-packages
 WORKDIR /app

From 270cb0f01eaec9c9010e1d0b5d055cd51404d37b Mon Sep 17 00:00:00 2001
From: Sakari Hoisko
Date: Mon, 15 Feb 2021 11:50:23 +0200
Subject: [PATCH 3/6] #2 Removed not needed lines

---
 Dockerfile_distroless | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/Dockerfile_distroless b/Dockerfile_distroless
index 2e84d06..ebec155 100644
--- a/Dockerfile_distroless
+++ b/Dockerfile_distroless
@@ -1,8 +1,6 @@
 FROM python:3.7-slim AS build
 COPY requirements.txt /tmp/requirements.txt
-RUN set -xe && \
- echo $(echo BUILD_TIME_ALPINE_VERSION: && /bin/cat /etc/alpine-release) && \
- pip install -r /tmp/requirements.txt
+RUN pip install -r /tmp/requirements.txt
 
 ### INFO:
 # What is distroless: https://medium.com/better-programming/how-to-harden-your-containers-with-distroless-docker-images-c2abd7c71fdb

From 06749b458a315113bd316f045fd641e190bbc139 Mon Sep 17 00:00:00 2001
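Review bot: The first pair of lines removes `FROM python:3.7-slim AS build` and re-adds it byte-for-byte as far as this diff shows, which suggests a trailing-whitespace or line-ending change that the message "Removed not needed lines" does not mention; if so, say so in the commit message so reviewers do not hunt for a content change. The `COPY k8sci/ /app/k8sci/` moved into the distroless stage lands root-owned in an image that still has no `USER`, so the service keeps running as root after this commit.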
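Review bot: `RUN pip install -r /tmp/requirements.txt` installs third-party packages without integrity checking, so the site-packages tree later copied into the runtime image depends on whatever the index serves at build time. If `requirements.txt` pins exact versions with hashes, `RUN pip install --no-cache-dir --require-hashes -r /tmp/requirements.txt` makes the install reproducible and rejects substituted artifacts; `--no-cache-dir` also keeps the pip download cache out of the build-stage layer. I cannot see `requirements.txt` here, so the hash part needs confirming against that file.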
From: Sakari Hoisko
Date: Mon, 15 Feb 2021 12:05:00 +0200
Subject: [PATCH 4/6] Changed alpine based image entrypoint similar than distroless

---
 Dockerfile | 6 +++---
 entrypoint.sh | 9 ---------
 2 files changed, 3 insertions(+), 12 deletions(-)
 delete mode 100644 entrypoint.sh

diff --git a/Dockerfile b/Dockerfile
index eb5d48c..9ad9d1a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,7 +6,6 @@ ARG UID=1000
 ARG GID=1000
 
 COPY requirements.txt /tmp/requirements.txt
-COPY ./entrypoint.sh /usr/bin/entrypoint.sh
 RUN set -xe && \
  echo $(echo BUILD_TIME_ALPINE_VERSION: && /bin/cat /etc/alpine-release) && \
  apk upgrade --no-cache && \
@@ -16,12 +15,13 @@ RUN set -xe && \
  pip install -r /tmp/requirements.txt && \
  addgroup -g ${GID} -S ${GROUP} && \
  adduser -u ${UID} -S -D ${USER} ${GROUP} && \
- chmod a+x /usr/bin/entrypoint.sh && \
  mkdir /app && chown ${USER} /app
 
 
 COPY --chown=${USER} k8sci/ /app/k8sci/
 WORKDIR /app
 USER ${USER}
+ENV PYTHONUNBUFFERED=TRUE
 
-ENTRYPOINT /usr/bin/entrypoint.sh
\ No newline at end of file
+ENTRYPOINT echo $(echo ALPINE_VERSION: && /bin/cat /etc/alpine-release) && \
+ gunicorn --bind 0.0.0.0:5000 --enable-stdio-inheritance --error-logfile "-" k8sci.wsgi:app
\ No newline at end of file
diff --git a/entrypoint.sh b/entrypoint.sh
deleted file mode 100644
index 8a4fab6..0000000
--- a/entrypoint.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/usr/bin/env sh
-
-set -xe
-
-echo $(echo ALPINE_VERSION: && /bin/cat /etc/alpine-release)
-
-export PYTHONUNBUFFERED=TRUE
-cd /app
-gunicorn --bind 0.0.0.0:5000 --enable-stdio-inheritance --error-logfile "-" k8sci.wsgi:app

From 60073f2b4c59462fc17c400c4655694336b6946c Mon Sep 17 00:00:00 2001
From: Sakari Hoisko
Date: Mon, 15 Feb 2021 12:27:37 +0200
Subject: [PATCH 5/6] #3 Changed alpine based image entrypoint similar than distroless

---
 Dockerfile | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 9ad9d1a..f542e0d 100644
--- a/Dockerfile
+++ b/Dockerfile
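Review bot: The new `ENTRYPOINT echo $(...) && \ gunicorn ...` in the second Dockerfile hunk is shell form, so the container's PID 1 is `/bin/sh -c` and gunicorn is its child: `SIGTERM` from `docker stop` or a Kubernetes pod deletion reaches the shell, not gunicorn, so workers get no graceful shutdown and are killed at the grace-period timeout. The deleted `entrypoint.sh` had the same problem (no `exec`), so this commit does not regress it, but it is the moment to fix it: either use the exec form as `Dockerfile_distroless` does, `ENTRYPOINT ["gunicorn", "--bind", "0.0.0.0:5000", "--enable-stdio-inheritance", "--error-logfile", "-", "k8sci.wsgi:app"]`, or keep the version banner and `exec` into gunicorn, `ENTRYPOINT ["sh", "-c", "echo ALPINE_VERSION: $(cat /etc/alpine-release) && exec gunicorn --bind 0.0.0.0:5000 --enable-stdio-inheritance --error-logfile - k8sci.wsgi:app"]`. The `RUN` instruction whose continuation lines open that hunk starts before the hunk.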
@@ -14,10 +14,7 @@ RUN set -xe && \
  py3-pip && \
  pip install -r /tmp/requirements.txt && \
  addgroup -g ${GID} -S ${GROUP} && \
- adduser -u ${UID} -S -D ${USER} ${GROUP} && \
- mkdir /app && chown ${USER} /app
-
-
+ adduser -u ${UID} -S -D ${USER} ${GROUP}
 COPY --chown=${USER} k8sci/ /app/k8sci/
 WORKDIR /app
 USER ${USER}

From 0a5ae2780afbbe1f6e297bbc8c8f6cb43f9f2dae Mon Sep 17 00:00:00 2001
From: Sakari Hoisko
Date: Mon, 15 Feb 2021 15:13:53 +0200
Subject: [PATCH 6/6] Taked nonroot user to use in alpine and distroless images

---
 Dockerfile | 4 ++--
 Dockerfile_distroless | 7 ++++---
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index f542e0d..9622f4f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
 
 FROM alpine:latest
-ARG USER=notroot
-ARG GROUP=notroot
+ARG USER=nonroot
+ARG GROUP=nonroot
 ARG UID=1000
 ARG GID=1000
 
diff --git a/Dockerfile_distroless b/Dockerfile_distroless
index ebec155..bf3a6fa 100644
--- a/Dockerfile_distroless
+++ b/Dockerfile_distroless
@@ -6,9 +6,10 @@ RUN pip install -r /tmp/requirements.txt
 # What is distroless: https://medium.com/better-programming/how-to-harden-your-containers-with-distroless-docker-images-c2abd7c71fdb
 # Google Base Images: https://github.com/GoogleContainerTools/distroless/
 FROM gcr.io/distroless/python3-debian10
-COPY k8sci/ /app/k8sci/
-COPY --from=build /usr/local/bin/gunicorn /app/gunicorn
-COPY --from=build /usr/local/lib/python3.7/site-packages /usr/local/lib/python3.7/site-packages
+COPY --chown=nonroot k8sci/ /app/k8sci/
+COPY --from=build --chown=nonroot /usr/local/bin/gunicorn /app/gunicorn
+COPY --from=build --chown=nonroot /usr/local/lib/python3.7/site-packages /usr/local/lib/python3.7/site-packages
+USER nonroot
 WORKDIR /app
 ENV PYTHONPATH=/usr/local/lib/python3.7/site-packages PYTHONUNBUFFERED=TRUE
 CMD ["gunicorn","--bind","0.0.0.0:5000","--enable-stdio-inheritance","--error-logfile","-","k8sci.wsgi:app"]
\ No newline at end of file
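Review bot: With `mkdir /app && chown ${USER} /app` gone, `/app` is now created implicitly by `COPY --chown=${USER} k8sci/ /app/k8sci/`, and whether `--chown` is applied to implicitly created parent directories depends on the builder, so `/app` itself is most likely root-owned while `/app/k8sci` belongs to `${USER}`. A read-only application directory is the better least-privilege outcome as long as nothing under `/app` needs write access at runtime; please verify that and record the intent with a comment such as `# /app is intentionally root-owned; the service only needs read access`. If `${USER}` does need a writable `/app`, the explicit `mkdir`/`chown` has to come back, because `WORKDIR /app` later in the hunk will not change ownership of an existing directory.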
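Review bot: `--chown=nonroot` on `/app/k8sci`, `/app/gunicorn` and the whole `site-packages` tree in the Dockerfile_distroless hunk gives the runtime user write access to its own code and dependencies, which is the opposite of what dropping privileges is for: a compromised gunicorn worker could then modify modules that are imported later. Leave those copies root-owned (pip-installed files are normally world-readable, which is all the interpreter needs) and add only the `USER nonroot` line, i.e. keep the three original `COPY` lines unchanged. Also consider a numeric user, `USER 65532` (the uid distroless documents for `nonroot` — confirm against the image), because Kubernetes `runAsNonRoot` cannot verify a name-only image `USER` without an explicit `runAsUser` and refuses to start the container.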