Skip to content

Commit d816f77

Browse files
lfranckelfrancke
committed
Rework image to get the commands in order and have everything owned by stackable:0
1 parent 6e8b5c3 commit d816f77

File tree

1 file changed

+25
-33
lines changed

1 file changed

+25
-33
lines changed

airflow/Dockerfile

Lines changed: 25 additions & 33 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,6 @@ FROM stackable/image/vector AS airflow-build-image
1313
ARG PRODUCT
1414
ARG PYTHON
1515
ARG TARGETARCH
16-
ARG TARGETOS
1716

1817
COPY airflow/constraints-${PRODUCT}-python${PYTHON}.txt /tmp/constraints.txt
1918

@@ -59,37 +58,40 @@ ARG PYTHON
5958
ARG RELEASE
6059
ARG TINI
6160
ARG TARGETARCH
62-
ARG TARGETOS
6361
ARG STACKABLE_USER_UID
6462

6563
LABEL name="Apache Airflow" \
66-
maintainer="info@stackastatsd_exporble.tech" \
64+
maintainer="info@stackable.tech" \
6765
vendor="Stackable GmbH" \
6866
version="${PRODUCT}" \
6967
release="${RELEASE}" \
7068
summary="The Stackable image for Apache Airflow." \
7169
description="This image is deployed by the Stackable Operator for Apache Airflow."
7270

7371
COPY airflow/licenses /licenses
74-
7572
COPY --chown=${STACKABLE_USER_UID}:0 airflow/stackable/utils/entrypoint.sh /entrypoint.sh
7673
COPY --chown=${STACKABLE_USER_UID}:0 airflow/stackable/utils/run-airflow.sh /run-airflow.sh
7774

75+
ENV HOME=/stackable
76+
ENV AIRFLOW_USER_HOME_DIR=/stackable
77+
ENV PATH=$PATH:/bin:$HOME/app/bin
78+
ENV AIRFLOW_HOME=$HOME/airflow
79+
7880
# Update image and install python
7981
RUN <<EOF
8082
microdnf update
81-
microdnf install
82-
ca-certificates
83-
cyrus-sasl
84-
git
85-
libpq
86-
openldap
87-
openldap-clients
88-
openssh-clients
89-
openssl-libs
90-
openssl-pkcs11
91-
python${PYTHON}
92-
socat
83+
microdnf install \
84+
ca-certificates \
85+
cyrus-sasl \
86+
git \
87+
libpq \
88+
openldap \
89+
openldap-clients \
90+
openssh-clients \
91+
openssl-libs \
92+
openssl-pkcs11 \
93+
python${PYTHON} \
94+
socat \
9395
unixODBC
9496
microdnf clean all
9597
rm -rf /var/cache/yum
@@ -100,32 +102,22 @@ curl --fail -o /usr/bin/tini "https://repo.stackable.tech/repository/packages/ti
100102
chmod a+x /entrypoint.sh
101103
chmod a+x /run-airflow.sh
102104
chmod +x /usr/bin/tini
103-
EOF
104105

105-
ENV HOME=/stackable
106-
ENV AIRFLOW_USER_HOME_DIR=/stackable
107-
ENV PATH=$PATH:/bin:$HOME/app/bin
108-
ENV AIRFLOW_HOME=$HOME/airflow
109-
110-
USER ${STACKABLE_USER_UID}
111-
WORKDIR /stackable
112-
113-
COPY --from=airflow-build-image --chown=${STACKABLE_USER_UID}:0 /stackable/ ${HOME}/
114-
COPY --from=gitsync-image --chown=${STACKABLE_USER_UID}:0 /git-sync /stackable/git-sync
115-
116-
RUN <<EOF
117106
mkdir -pv ${AIRFLOW_HOME}
118107
mkdir -pv ${AIRFLOW_HOME}/dags
119108
mkdir -pv ${AIRFLOW_HOME}/logs
120-
EOF
121109

122-
USER 0
123-
RUN <<EOF
124-
chgrp -R 0 /stackable
110+
# All files and folders owned by root to support running as arbitrary users
111+
# This is best practice as all users will belong to group `0`
112+
chown -R ${STACKABLE_USER_UID}:0 /stackable
125113
chmod -R g=u /stackable
126114
EOF
127115

128116
USER ${STACKABLE_USER_UID}
117+
WORKDIR /stackable
118+
119+
COPY --from=airflow-build-image --chown=${STACKABLE_USER_UID}:0 /stackable/ ${HOME}/
120+
COPY --from=gitsync-image --chown=${STACKABLE_USER_UID}:0 /git-sync /stackable/git-sync
129121

130122
ENTRYPOINT ["/usr/bin/tini", "--", "/run-airflow.sh"]
131123
CMD []

0 commit comments

Comments
 (0)