[Docker] Do not run container as root

[janhoy]

Description

In Dockerfile, run under the nobody user instead of root. Also chown some directories.

Issues Resolved

Resolves #5311

Check List

• New functionality includes testing.
• New functionality has a documentation issue. Please link to it in this PR.
  • New functionality has javadoc added
• Commits are signed with a real name per the DCO

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[dlvenable]

Thank you @janhoy for this contribution! I have one comment about the specific user.

[janhoy]

So I think this is ready. Tested it in a k8s cluster using helm chart and this container security context:

securityContext:
  capabilities:
    drop:
    - ALL
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000

Prepper container ran as it should, under the new user.

I'll follow up with a PR to the helm chart repo to add this security context (commented-out). Only once a new docker image version is released can we make such config default.

EDIT: Well, such a commented section already exists, so guess there is no need for change until we can uncomment.

[dlvenable]

Very nice! Thank you @janhoy !

[janhoy]

Thanks for approving. Are the test failures related to the changes by any chance?

[dlvenable]

@janhoy , No, these are flaky tests. We can merge this.