DevSecOps for BBK
  • Introduction
  • Getting Started
    • Virtual Training Practices
    • Training Plan
    • Tools and Configuration
    • Troubleshooting
  • Docker Fundamentals
    • Docker Setup
    • Docker First Container
    • Docker Network Basics
    • Docker Network Exercise
    • Docker Volume Basics
    • Docker Storage
  • Dockerfile Fundamentals
    • Dockerfile Instructions
    • Dockerfile Environment Variables
    • Dockerfile Build Arguments
    • Non-privileged Containers
    • Dockerfile Order of Execution
    • Dockerfile Volume
    • Entrypoint Command
    • Multiple Stage Build
  • Container Management
    • Containers Start Automatically
  • Docker Security
    • Seccomp Profile
  • Docker Compose
    • Docker Compose Install
    • Docker Compose Commands
    • Docker Compose File
    • Docker Compose Volumes and Network
  • K8s Cluster Setup
    • Minikube Installation
    • Calico Networking
    • K8s Walkthrough
    • K8s Cheat Sheet
  • Understand K8s
    • Pod Connectivity
    • Deployments
    • Service Cluster IP
    • Service NodePort
    • ClusterIP Exercise
    • NodePort Exercise
    • Service LoadBalancer
    • Configmap
    • Secrets
  • Application Lifecycle Management
    • Rolling Updates and Rollback
    • Multi Container Pod
  • K8s Storage
    • Persistent Volume
    • Persistent Volume Claim
    • PVC in POD
  • Istio
    • AKS Setup
    • Kubectl Setup in Windows
    • Istio Setup Manual
    • Istio Demo App
    • Istio Observability
  • Terraform
    • Terraform Setup
    • Terraform Demo
    • Azure Terraform Setup
  • Terraform AWS
    • Terraform AWS Setup
    • Terraform AWS Demo S3
  • Refrences
    • Docker Static Site
    • Docker First Image
Powered by GitBook
On this page

Last updated 1 year ago

Non-privileged Containers

In this lesson, you will learn how to use the USER instruction to create a non-privileged user. Rather than using root, we can use a non-privileged user to configure and run an application.

Simple Non Privileged Container

Step 1: Setup your environment:

Step 2: Create the Dockerfile:

Step 3: Creates a CentOS image that uses cloud_user as a non-privileged user

Dockerfile contents:

Step 4: Build the new image:

Step 5: Create a container using the new image:

Step 6: Connecting as a privileged user:

Node.JS Based Application Non Privileged Container

Step 1: Set up the environment:

Step 2: Clone the Github Repository

Step 3: Create the Dockerfile:

Step 4: Create an image for the weather-app

Dockerfile contents:

Step 5: Build the weather-app image using the non-privileged user node_user:

Step 6: Create a container using the nishanthkp/weather-app-nonroot:v1 image:

  • Non-privileged Containers
  • Simple Non Privileged Container
  • Node.JS Based Application Non Privileged Container
PreviousDockerfile Build ArgumentsNextDockerfile Order of Execution
  1. Dockerfile Fundamentals

Non-privileged Containers

cd non-privileged-user
mkdir non-privileged-user
vi Dockerfile
FROM centos:latest
RUN useradd -ms /bin/bash cloud_user
USER cloud_user
docker image build -t centos7/nonroot:v1 .
docker container run -it --name test-build centos7/nonroot:v1 /bin/bash
docker container start test-build
docker container exec -u 0 -it test-build /bin/bash
mkdir node-non-privileged-user
cd node-non-privileged-user
git clone https://github.com/nishanthkumarpathi/content-weather-app.git src
vi Dockerfile
FROM node
LABEL org.label-schema.version=v1.1
RUN useradd -ms /bin/bash node_user
USER node_user
ADD src/ /home/node_user
WORKDIR /home/node_user
RUN npm install
EXPOSE 3000
CMD ./bin/www
docker image build -t nishanthkp/weather-app-nonroot:v1 .
docker container run -d --name weather-app-nonroot -p 8086:3000 nishanthkp/weather-app-nonroot:v1