Docker file for dhcp and http services to be run from monax.#321
Docker file for dhcp and http services to be run from monax.#321thesrinath wants to merge 3 commits into
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces Dockerfiles for the DHCP and HTTP services using multi-stage builds and distroless base images. The reviewer recommends improving the security of the HTTP service by running it as a non-root user and binding to a non-privileged port instead of running as root to bind to port 80.
| # HTTP server might need to run as root to bind to port 80. | ||
| USER root | ||
| ENTRYPOINT ["/bootz-http"] |
There was a problem hiding this comment.
Running the HTTP server as root is generally discouraged for security reasons. It is recommended to run as a non-privileged user (like the nonroot user provided by distroless) and bind to a non-privileged port (e.g., 8080). The port mapping to 80 can be handled by the container runtime or orchestrator.
# HTTP server should run as non-root for better security.
USER nonroot
ENTRYPOINT ["/bootz-http"]
CMD ["-address", ":8080"]
Also, removed latest tags
|
Since these files are exclusively for monax, maybe we can create a root directory like "//monax" or "//test", and just like the directory structure shown in the monax example, we can put them under "//monax/deploy" or "//test/deploy". What is your opinion? |
2 participants
No description provided.