File tree Expand file tree Collapse file tree 2 files changed +8
-4
lines changed Expand file tree Collapse file tree 2 files changed +8
-4
lines changed Original file line number Diff line number Diff line change @@ -88,12 +88,11 @@ RUN set -eux && \
8888 rpm -i foundationdb-clients-${FDB_VERSION}-1.${FDB_OS}.${FDB_ARCH}.rpm --excludepath=/usr/bin --excludepath=/usr/lib/foundationdb/backup_agent && \
8989 rm foundationdb-clients-${FDB_VERSION}-1.${FDB_OS}.${FDB_ARCH}.rpm foundationdb-clients-${FDB_VERSION}-1.${FDB_OS}.${FDB_ARCH}.rpm.sha256
9090
91- # Create user and group here since we don't have the tools
92- # in distroless
91+
9392RUN groupadd --gid 4059 fdb && \
94- useradd --gid 4059 --uid 4059 --create-home -- shell /bin/bash fdb && \
93+ useradd --gid 4059 --uid 4059 --shell /usr/sbin/nologin fdb && \
9594 mkdir -p /var/log/fdb && \
96- touch /var/log/fdb/.keep \
95+ touch /var/log/fdb/.keep
9796
9897COPY --chown=fdb:fdb --from=builder /workspace/bin/manager .
9998COPY --chown=fdb:fdb --from=builder /workspace/bin/kubectl-fdb /usr/local/bin/kubectl-fdb
Original file line number Diff line number Diff line change @@ -75,6 +75,11 @@ RUN set -eux && \
7575 rpm -i foundationdb-clients-${FDB_VERSION}-1.${FDB_OS}.${FDB_ARCH}.rpm --excludepath=/usr/bin --excludepath=/usr/lib/foundationdb/backup_agent && \
7676 rm foundationdb-clients-${FDB_VERSION}-1.${FDB_OS}.${FDB_ARCH}.rpm foundationdb-clients-${FDB_VERSION}-1.${FDB_OS}.${FDB_ARCH}.rpm.sha256
7777
78+ RUN groupadd --gid 4059 fdb && \
79+ useradd --gid 4059 --uid 4059 --shell /usr/sbin/nologin fdb && \
80+ mkdir -p /var/log/fdb && \
81+ touch /var/log/fdb/.keep
82+
7883COPY --chown=fdb:fdb --from=builder /workspace/bin/data-loader /usr/local/bin/data-loader
7984
8085# Set to the numeric UID of fdb user to satisfy PodSecurityPolices which enforce runAsNonRoot
You can’t perform that action at this time.
0 commit comments