This repository is meant as a simple tutorial aid to accompany the Snyk Developer Drivien Worklows blog article. It is a stripped down copy of https://github.com/snyk/goof.
TODO: Update above with actual blog URL when published
There are 3 Dockerfile examples, each of which can be coppied over the Dockerfile as you step through the article:
Dockerfile-initial- Unoptimized and broken fileDockerfile-hadolint-fixes- Edits applied per hadolint and fixesdocker builderrorDockerfile-nonroot- Builds on the above with fix to stop running as root by default
Also, pre-commit-hook.sample can be copied into your repo clone's .git/hooks/pre-commit to enforce linting at commit (see blog for detais)
In the /manifests directory, you will find 3 versions of the goof-deployment.yaml file. As above, copy any of the following versions over it as you work through the article:
goof-deployment.yaml-initial- Basic deployment of thegoofapplication (build via the Dockerfile above) as well as a stockmongodbcontainer.goof-deployment.yaml-nonroot- Add runtime enforcement to stopgooffrom running as the root usergoof-deployment.yaml-nonroot-drop-capabilities- Builds on the above with unnessesary Linux capabilities dropped for thegoofcontainer
There is also a goof-services.yaml file allong side these that needs to be deployed to expose the app and db on the network.
kind-config.yaml is provided for those running Kubernetes in Docker (kind), an example cluster configuration file is provided to enable localhost access to the service endpoint.