diff --git a/deployment/build/frontend/Dockerfile b/deployment/build/frontend/Dockerfile
index bae25ac..a4cda85 100644
--- a/deployment/build/frontend/Dockerfile
+++ b/deployment/build/frontend/Dockerfile
@@ -16,6 +16,6 @@ COPY --from=builder /app/dist /usr/share/nginx/html
 COPY frontend/nginx.conf /etc/nginx/nginx.conf
-EXPOSE 80
+EXPOSE 8080
 CMD ["nginx", "-g", "daemon off;"]
\ No newline at end of file
diff --git a/deployment/volcano-dashboard.yaml b/deployment/volcano-dashboard.yaml
index d503f33..38d97ac 100644
--- a/deployment/volcano-dashboard.yaml
+++ b/deployment/volcano-dashboard.yaml
@@ -16,15 +16,32 @@ spec:
 labels:
 app: volcano-dashboard
 spec:
+ securityContext:
+ seLinuxOptions:
+ level: s0:c123,c456
+ seccompProfile:
+ type: RuntimeDefault
 serviceAccountName: volcano-dashboard
 containers:
 - image: volcanosh/vc-dashboard-frontend:latest
 imagePullPolicy: Always
 name: frontend
 ports:
- - containerPort: 80
+ - containerPort: 8080
 name: frontend
 protocol: TCP
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsNonRoot: true
+ runAsUser: 1000
+ volumeMounts:
+ - mountPath: /var/cache/nginx
+ name: nginx-cache
+ - mountPath: /run
+ name: nginx-run
 - image: volcanosh/vc-dashboard-backend:latest
 imagePullPolicy: Always
 name: backend
@@ -32,6 +49,18 @@ spec:
 - containerPort: 3001
 name: backend
 protocol: TCP
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsNonRoot: true
+ runAsUser: 1000
+ volumes:
+ - name: nginx-cache
+ emptyDir: {}
+ - name: nginx-run
+ emptyDir: {}
 --- # volcano dashboard serviceAccount
@@ -115,6 +144,6 @@ spec:
 - name: frontend
 port: 80
 protocol: TCP
- targetPort: 80
+ targetPort: 8080
 selector:
 app: volcano-dashboard
diff --git a/frontend/nginx.conf b/frontend/nginx.conf
index 06c8c18..0de9f87 100644
--- a/frontend/nginx.conf
+++ b/frontend/nginx.conf
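Review bot: The pod-level `seLinuxOptions` block added in the `@@ -16,15 +16,32 @@` hunk pins a fixed MCS label, `level: s0:c123,c456`, and the value looks like a documentation sample rather than one chosen for this workload. On SELinux-enforcing nodes every replica, and any other pod carrying the same label, would share one category pair instead of the separate categories a container runtime normally assigns; admission that allocates MCS ranges per namespace may also reject the pod. I would drop the `seLinuxOptions:` and `level:` lines and keep `seccompProfile` with `type: RuntimeDefault`, or add a comment stating why this exact level is required. Indentation is lost in this rendering, so the nesting is inferred from the field names.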
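Review bot: Neither container `securityContext` sets `readOnlyRootFilesystem: true`, in this hunk (`@@ -32,6 +49,18 @@`, backend) or in the previous one (frontend), although the frontend already mounts emptyDir volumes over `/var/cache/nginx` and `/run`, which is the usual preparation for it. Adding `readOnlyRootFilesystem: true` to the frontend block, and to the backend block once it is confirmed that the backend writes nothing into its image filesystem, would keep a compromised process from altering binaries or served assets. The two `emptyDir: {}` volumes are also unbounded; a limit such as `emptyDir: {sizeLimit: 64Mi}` (value illustrative) stops them from consuming node ephemeral storage.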
@@ -3,7 +3,7 @@ events {}
 http {
 include mime.types;
 server {
- listen 80;
+ listen 8080;
 server_name localhost;
 location / {