From a1767d42452477cde658763dfbe2086667eaac97 Mon Sep 17 00:00:00 2001
From: zryfish
Date: Thu, 16 Jul 2020 18:52:51 +0800
Subject: [PATCH] use non root user for building image (#2449)

Signed-off-by: Jeff
---
 build/ks-apiserver/Dockerfile | 11 +++++++++--
 build/ks-controller-manager/Dockerfile | 11 +++++++++--
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/build/ks-apiserver/Dockerfile b/build/ks-apiserver/Dockerfile
index 989818f78..fad579137 100644
--- a/build/ks-apiserver/Dockerfile
+++ b/build/ks-apiserver/Dockerfile
@@ -1,7 +1,14 @@
-# Copyright 2018 The KubeSphere Authors. All rights reserved.
+# Copyright 2020 The KubeSphere Authors. All rights reserved.
 # Use of this source code is governed by an Apache license
 # that can be found in the LICENSE file.
 FROM alpine:3.9
-RUN apk add --update ca-certificates && update-ca-certificates
+
 COPY /bin/cmd/ks-apiserver /usr/local/bin/
+
+RUN apk add --update ca-certificates && \
+ update-ca-certificates && \
+ adduser -D -g kubesphere -u 1002 kubesphere && \
+ chown -R kubesphere:kubesphere /usr/local/bin/ks-apiserver
+
+USER kubesphere
 CMD ["sh"]
diff --git a/build/ks-controller-manager/Dockerfile b/build/ks-controller-manager/Dockerfile
index c5362343b..9195238d3 100644
--- a/build/ks-controller-manager/Dockerfile
+++ b/build/ks-controller-manager/Dockerfile
@@ -1,7 +1,14 @@
-# Copyright 2018 The KubeSphere Authors. All rights reserved.
+# Copyright 2020 The KubeSphere Authors. All rights reserved.
 # Use of this source code is governed by an Apache license
 # that can be found in the LICENSE file.
 FROM alpine:3.7
-RUN apk add --update ca-certificates && update-ca-certificates
+
 COPY /bin/cmd/controller-manager /usr/local/bin/
+
+RUN apk add --update ca-certificates && \
+ update-ca-certificates && \
+ adduser -D -g kubesphere -u 1002 kubesphere && \
+ chown -R kubesphere:kubesphere /usr/local/bin/controller-manager
+
+USER kubesphere
 CMD controller-manager
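Review bot: `USER kubesphere` names the account instead of its UID, so a pod that sets `runAsNonRoot: true` without an explicit `runAsUser` cannot verify the image user and the kubelet refuses to start the container; `USER 1002` keeps the same account and lets that check pass. The `chown -R kubesphere:kubesphere /usr/local/bin/ks-apiserver` step in the new `RUN` gives the runtime user write access to its own binary and stores a second copy of it in that layer; leaving the file root-owned is enough for a non-root process to execute it, assuming the build output is already world-executable. In `adduser -D -g kubesphere -u 1002 kubesphere`, BusyBox reads `-g` as the GECOS field, not the group (that is `-G`), so the flag is probably not doing what was intended. The same three points apply to the build/ks-controller-manager/Dockerfile hunk.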
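Review bot: `CMD controller-manager` is left in shell form next to the new `USER` line, so the binary is started through `/bin/sh -c` and, depending on the shell, may run as a child that never receives the SIGTERM sent on pod shutdown; `CMD ["controller-manager"]` starts it directly. This file also builds on `alpine:3.7` while the ks-apiserver Dockerfile in the same commit uses `alpine:3.9`, so the new `apk add` step pulls `ca-certificates` from two different release branches; aligning and pinning the base image is worth doing in the same change. The new `RUN` also keeps the apk index in the layer, which `apk add --no-cache ca-certificates` avoids.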