
Commit 1eb1438

committed
use non root numeric user
1 parent 522db2e commit 1eb1438


2 files changed

+4
-3
lines changed

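--- a/Dockerfile
+++ b/Dockerfile
@@ -52,8 +52,9 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
 -o manager ${package}
 
 # Production image
-FROM gcr.io/distroless/static:latest
+FROM gcr.io/distroless/static:nonroot
 WORKDIR /
 COPY --from=builder /workspace/manager .
-USER nobody
+# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
+USER 65532
 ENTRYPOINT ["/manager"]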
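Review bot: The new base on the `FROM` line is still a floating tag, so `gcr.io/distroless/static:nonroot` can change upstream and two builds of this commit may not produce the same production image. Pinning by digest, `FROM gcr.io/distroless/static:nonroot@sha256:<digest-placeholder>`, makes the build reproducible and makes a base-image change visible in review. The added comment ties 65532 to the base image's nonroot account, so it could also say that the value has to be re-checked whenever the base is bumped. The `kube-rbac-proxy:v0.8.0` reference in config/manager/manager_auth_proxy_patch.yaml is tag-only as well. The builder stage that produces /workspace/manager starts outside this hunk.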

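--- a/config/manager/manager_auth_proxy_patch.yaml
+++ b/config/manager/manager_auth_proxy_patch.yaml
@@ -10,7 +10,7 @@ spec:
 spec:
 containers:
 - name: kube-rbac-proxy
-image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
+image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
 args:
 - "--secure-listen-address=0.0.0.0:8443"
 - "--upstream=http://127.0.0.1:8080/"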
