From 29f6765fc6cf5476c2c0bb30b5cf615a1cec6d3c Mon Sep 17 00:00:00 2001 From: Charlie Drage Date: Wed, 29 May 2024 12:51:37 -0400 Subject: [PATCH] feature: change example to use non-root (#1879) #### What type of PR is this? /kind feature #### What this PR does / why we need it: This changes our example to use non-root so it runs well on non-root clusters (ex. openshift). We also add debugging tools so we can safely explore the container. /tmp is also added as the directory for the replica or else it fails. #### Which issue(s) this PR fixes: N/A #### Special notes for your reviewer: Signed-off-by: Charlie Drage
---
 examples/compose.yaml | 8 ++++----
 examples/web/Dockerfile | 15 +++++++++++++++
 2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/examples/compose.yaml b/examples/compose.yaml
index 8c689e93..e473f8eb 100644
--- a/examples/compose.yaml
+++ b/examples/compose.yaml
@@ -2,19 +2,19 @@ services:
 redis-leader:
 container_name: redis-leader
- image: redis:latest
+ image: redis
 ports:
 - "6379"
 redis-replica:
 container_name: redis-replica
- image: redis:latest
+ image: redis
 ports:
 - "6379"
- command: redis-server --replicaof redis-leader 6379
+ command: redis-server --replicaof redis-leader 6379 --dir /tmp
 web:
 container_name: web
 image: quay.io/kompose/web
 ports:
- - "8080:8080"
+ - "8080:8080"
\ No newline at end of file
diff --git a/examples/web/Dockerfile b/examples/web/Dockerfile
index 42d2dd6d..8b0fc534 100644
--- a/examples/web/Dockerfile
+++ b/examples/web/Dockerfile
@@ -1,4 +1,9 @@
 FROM golang:1.21.2
+
+# Debugging within the container
+RUN apt-get update && apt-get install dnsutils redis-tools -y
+
+# Set the working directory in the container
 WORKDIR /app
 # Copy the entire project which includes the public directory, vendoring, etc.
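Review bot: In examples/compose.yaml both Redis services still pull a floating tag, because `image: redis` resolves to `latest` exactly as the removed `image: redis:latest` did, so the example can change underneath users whenever the upstream image is republished. Pinning a release, for example `image: redis:<pinned-version>` or a digest reference, would make the non-root behaviour this commit relies on reproducible; the same applies to `quay.io/kompose/web`. Separately, only `redis-replica` receives `--dir /tmp`; if `redis-leader` also runs under an arbitrary non-root UID it presumably cannot write its snapshot to the default data directory either, so it is worth confirming whether the leader needs `command: redis-server --dir /tmp` as well. The new last line also drops the trailing newline at end of file.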
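Review bot: The added `RUN apt-get update && apt-get install dnsutils redis-tools -y` in examples/web/Dockerfile bakes debugging clients into the image that actually runs, which enlarges its attack surface and the set of packages that need patching. If the tools must stay, keep the layer minimal with `RUN apt-get update && apt-get install -y --no-install-recommends dnsutils redis-tools && rm -rf /var/lib/apt/lists/*`. Consider gating the step behind a build argument, or moving to a multi-stage build so the runtime stage carries only `/frontend` and the files it serves. A short comment stating that the tools are there for demonstration only would also help readers who copy the example; the rest of the Dockerfile continues outside this hunk.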
@@ -7,5 +12,15 @@ COPY . .
 # Build your application
 RUN CGO_ENABLED=0 GOOS=linux go build -o /frontend
+# Change the permissions so that all users can execute it
+RUN chmod +x /frontend
+
+# Although setting permissions on /frontend should suffice, set wider permissions if needed
+RUN chown -R 1001:0 /app && \
+ chmod -R g=u /app
+
+# This directive ensures the container does not run as root
+USER 1001
+
 EXPOSE 8080
 CMD ["/frontend"]
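Review bot: `RUN chown -R 1001:0 /app && chmod -R g=u /app` makes the whole tree under /app owned and writable by the runtime UID and by group 0, so a compromised `/frontend` process could rewrite the files it serves; running as non-root does not by itself require write access. Unless the application writes under /app (not visible in this hunk), prefer read-only group access such as `RUN chgrp -R 0 /app && chmod -R g=rX /app`, or drop the step, since the comment above it already says the permissions on /frontend should suffice. `RUN chmod +x /frontend` is probably redundant because `go build` normally emits an executable file. The numeric `USER 1001` is a good choice; a brief comment that it is kept numeric so an orchestrator can verify the container is non-root would document why.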