From 78044bbce1a17f23533b8a28f6279ddb2d9ba24d Mon Sep 17 00:00:00 2001
From: Pat Riehecky
Date: Wed, 31 Dec 2025 10:20:25 -0600
Subject: [PATCH 1/2] Move deps to venv so they are more clearly tracked

---
 deploy/Dockerfile | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/deploy/Dockerfile b/deploy/Dockerfile
index 02b7b78..8083656 100644
--- a/deploy/Dockerfile
+++ b/deploy/Dockerfile
@@ -7,8 +7,22 @@ RUN yum clean all \
 && yum -y install python3-pip python3-pip-wheel python3-devel git \
 && yum clean all

-RUN git clone --depth 1 -b $VERSION https://github.com/DUNE-DAQ/connectivityserver.git
-RUN python3 -m pip install /connectivityserver
+ENV \
+ APP_ROOT=/opt/app \
+ VENV_PATH=/opt/venv \
+ HOME=/opt/app \
+ PYTHONUNBUFFERED=1 \
+ PIP_NO_CACHE_DIR=1 \
+ PATH="/opt/venv/bin:$PATH"
+
+RUN mkdir -p ${APP_ROOT} ${VENV_PATH}
+
+WORKDIR ${APP_ROOT}
+RUN python3 -m venv ${VENV_PATH} \
+ && git clone --depth 1 -b ${VERSION} https://github.com/DUNE-DAQ/connectivityserver.git \
+ && ${VENV_PATH}/bin/pip install --no-cache-dir ./connectivityserver \
+ && rm -rf /root/.cache ${HOME}/.cache ${VENV_PATH}/pip-selfcheck.json

 COPY --chmod=755 entrypoint.sh /
+
 ENTRYPOINT ["/entrypoint.sh"]

From 984703a4111227799150b510558d4cbc4d52ce45 Mon Sep 17 00:00:00 2001
From: Pat Riehecky
Date: Wed, 31 Dec 2025 11:50:21 -0600
Subject: [PATCH 2/2] Can run fully isolated from any system IDs

---
 deploy/connectivityserver.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/deploy/connectivityserver.yaml b/deploy/connectivityserver.yaml
index 7054df4..56b5f4f 100644
--- a/deploy/connectivityserver.yaml
+++ b/deploy/connectivityserver.yaml
@@ -39,6 +39,7 @@ spec:
 - key: node-role.kubernetes.io/worker
 operator: Exists
 automountServiceAccountToken: false
+ hostUsers: false
 containers:
 - image: ghcr.io/dune-daq/connectivityserver:develop
 name: connectionservice
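Review bot: The added `RUN` step still builds from moving inputs: `-b ${VERSION}` follows whatever that branch or tag points to at build time, and `pip install ./connectivityserver` resolves dependency versions afresh on every build, so the venv isolates the packages without pinning them. If tracking is the goal, install the dependencies from a hash-locked requirements file first and then the project without resolution, e.g. `&& ${VENV_PATH}/bin/pip install --require-hashes -r <locked-requirements-file> \` followed by `&& ${VENV_PATH}/bin/pip install --no-deps ./connectivityserver \`. The checkout, including its `.git` directory, also stays under `${APP_ROOT}` after this non-editable install; if `entrypoint.sh` does not read from it, adding `./connectivityserver` to the `rm -rf` line would keep it out of the image. No `USER` instruction appears in this hunk, and lines 1–6 of the Dockerfile are outside it, so whether the image defaults to root cannot be confirmed from here.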
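Review bot: `hostUsers: false` only takes effect where the cluster supports user namespaces, and the added line carries no comment saying so. It needs the Kubernetes `UserNamespacesSupport` feature plus a container runtime and kernel that can map IDs; on clusters without that, depending on version, the field is either dropped or the pod fails to start, so the isolation named in the commit title should be verified on the target nodes rather than assumed. I would add above the line: `# Requires user-namespace support on the node (kubelet, runtime, kernel); verify the pod really runs in a user namespace after rollout`. The pod spec begins and continues outside this hunk, so any `securityContext` settings that would complement this field are not visible here.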