
use uid and gid instead of names
nacx committed Mar 7, 2024
1 parent 5f0db87 commit 9a3ae14
Showing 1 changed file with 4 additions and 4 deletions.
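--- a/Dockerfile
+++ b/Dockerfile
@@ -15,7 +15,7 @@
 # Builder image used to create a non-root user and to pick the SSL CA certs from
 FROM alpine:3.18.0 as builder
 RUN apk --update add ca-certificates
-RUN adduser --disabled-password --gecos "" --uid 1001 nonroot
+RUN adduser --disabled-password --gecos "" --uid 65532 nonroot
 
 
 FROM scratch
@@ -31,9 +31,9 @@ COPY --from=builder /etc/group /etc/group
 # Copy the base SSL CA certs so we can make HTTPS requests
 COPY --from=builder /etc/ssl/cert.pem /etc/ssl/cert.pem
 
-# Run as non-root
-USER nonroot:nonroot
-WORKDIR /home/nonroot
+# Run as non-root. We can't use nonroot:nonroot here since in K8s:
+# https://github.com/kubernetes/kubernetes/blob/98eff192802a87c613091223f774a6c789543e74/pkg/kubelet/kuberuntime/security_context_others.go#L49.
+USER 65532:65532
 
 ADD bin/authservice-${FLAVOR}-${TARGETOS}-${TARGETARCH} /usr/local/bin/authservice
 ENTRYPOINT ["/usr/local/bin/authservice"]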
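Review bot: `USER 65532:65532` hard-codes a GID that the builder stage never sets explicitly: `adduser --uid 65532 nonroot` leaves the group id to adduser's default, so the `/etc/passwd` and `/etc/group` entries copied from the builder only match the numeric `USER` if that default also yields 65532. Creating the group explicitly, e.g. `RUN addgroup --gid 65532 nonroot && adduser --disabled-password --gecos "" --uid 65532 --ingroup nonroot nonroot`, would make the pairing visible, and a short comment on both lines saying the two values must stay in sync would help the next editor. The second hunk also drops `WORKDIR /home/nonroot`, which the commit title does not mention; the process now starts in `/`, which is presumably not writable by uid 65532, so it is worth confirming the service never writes to a relative path. The lines between the two hunks are not visible here, so whether a home directory is still copied into the scratch stage cannot be checked from this page.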
