Make the deployment and the jobs run in a non-root environment

2026-01-11 14:30:42 +01:00 · 2021-07-26 10:31:31 +02:00
parent 233491dec9
commit f7dc6589f5
4 changed files with 10 additions and 4 deletions
--- a/2
+++ b/2
@@ -1 +1 @@
-0.0.11
+0.0.12
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -7,4 +7,7 @@ RUN make build
 FROM alpine:3.13.4 as base
 COPY --from=builder /go/src/github.com/ysoftdevs/imagepullsecret-injector/build/_output/bin/imagepullsecret-injector /usr/local/bin/imagepullsecret-injector

-ENTRYPOINT ["imagepullsecret-injector"]
+RUN addgroup -S imagepullsecret-injector-group && adduser -S imagepullsecret-injector-user -G imagepullsecret-injector-group
+USER imagepullsecret-injector-user
+
+ENTRYPOINT ["imagepullsecret-injector"]
--- a/build/Dockerfile.cert-generator
+++ b/build/Dockerfile.cert-generator
@@ -1,6 +1,9 @@
 FROM alpine:3.13.4

-RUN apk add bash curl openssl \
+RUN addgroup -S imagepullsecret-injector-group && adduser -S imagepullsecret-injector-user -G imagepullsecret-injector-group \
+    && apk add bash curl openssl jq \
    && curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" \
    && chmod 755 ./kubectl \
    && mv ./kubectl /usr/bin/kubectl
+
+USER imagepullsecret-injector-user
--- a/charts/imagepullsecret-injector/Chart.yaml
+++ b/charts/imagepullsecret-injector/Chart.yaml
@@ -20,4 +20,4 @@ version: 0.0.21
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 0.0.11
+appVersion: 0.0.12
@@ -1 +1 @@
 .0.11
 .0.12