Use non root user in operator.Dockerfile (#759)

jiangpengcheng · web-flow · commit 7e58e524d74c · 2024-05-23T17:25:02.000+08:00
* Use non-root user in operator image

* run make manager first
diff --git a/.ci/tests/integration-oauth2/e2e.yaml b/.ci/tests/integration-oauth2/e2e.yaml
@@ -90,10 +90,10 @@ setup:
 
     - name: install function-mesh operator
       command: |
-        make generate
+        make manager
         make helm-crds
-        image="function-mesh-operator:latest"
-        IMG=${image} make docker-build-skip-test
+        image="function-mesh:latest"
+        docker build --platform linux/amd64 -f operator.Dockerfile -t $image .
         kind load docker-image ${image}
         helm install ${FUNCTION_MESH_RELEASE_NAME} -n ${FUNCTION_MESH_NAMESPACE} --set operatorImage=${image} --create-namespace charts/function-mesh-operator
       wait:
diff --git a/.ci/tests/integration-oauth2/e2e_with_downloader.yaml b/.ci/tests/integration-oauth2/e2e_with_downloader.yaml
@@ -90,10 +90,10 @@ setup:
 
     - name: install function-mesh operator
       command: |
-        make generate
+        make manager
         make helm-crds
-        image="function-mesh-operator:latest"
-        IMG=${image} make docker-build-skip-test
+        image="function-mesh:latest"
+        docker build --platform linux/amd64 -f operator.Dockerfile -t $image .
         kind load docker-image ${image}
         helm install ${FUNCTION_MESH_RELEASE_NAME} -n ${FUNCTION_MESH_NAMESPACE} --set operatorImage=${image} --set controllerManager.enableInitContainers=true --create-namespace charts/function-mesh-operator
       wait:
diff --git a/operator.Dockerfile b/operator.Dockerfile
@@ -1,5 +1,14 @@
 FROM alpine:3.20
 
-RUN apk add tzdata --no-cache
-RUN apk upgrade --no-cache
+ENV GID=10001
+ENV UID=10000
+ENV USER=pulsar
+
+RUN apk upgrade --no-cache \
+    && apk add tzdata --no-cache \
+    && addgroup -g $GID pulsar \
+    && adduser -u $UID -G pulsar -D -g '' $USER
+
 ADD bin/function-mesh-controller-manager /manager
+
+USER $USER
