From f7dc6589f5777d304c6a67e2aa6ef7e0d0a5e2b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20=C5=A0alata?=
Date: Mon, 26 Jul 2021 10:31:31 +0200
Subject: [PATCH] Make the deployment and the jobs run in a non-root environment
---
 VERSION | 2 +-
 build/Dockerfile | 5 ++++-
 build/Dockerfile.cert-generator | 5 ++++-
 charts/imagepullsecret-injector/Chart.yaml | 2 +-
 4 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/VERSION b/VERSION
index 58682af..9bbaee4 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.0.11
\ No newline at end of file
+0.0.12
\ No newline at end of file
diff --git a/build/Dockerfile b/build/Dockerfile
index 29a788f..8d86f5b 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -7,4 +7,7 @@ RUN make build
 FROM alpine:3.13.4 as base
 COPY --from=builder /go/src/github.com/ysoftdevs/imagepullsecret-injector/build/_output/bin/imagepullsecret-injector /usr/local/bin/imagepullsecret-injector
-ENTRYPOINT ["imagepullsecret-injector"]
\ No newline at end of file
+RUN addgroup -S imagepullsecret-injector-group && adduser -S imagepullsecret-injector-user -G imagepullsecret-injector-group
+USER imagepullsecret-injector-user
+
+ENTRYPOINT ["imagepullsecret-injector"]
diff --git a/build/Dockerfile.cert-generator b/build/Dockerfile.cert-generator
index 93cbb7c..c601ebe 100644
--- a/build/Dockerfile.cert-generator
+++ b/build/Dockerfile.cert-generator
@@ -1,6 +1,9 @@
 FROM alpine:3.13.4
-RUN apk add bash curl openssl \
+RUN addgroup -S imagepullsecret-injector-group && adduser -S imagepullsecret-injector-user -G imagepullsecret-injector-group \
+ && apk add bash curl openssl jq \
 && curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" \
 && chmod 755 ./kubectl \
 && mv ./kubectl /usr/bin/kubectl
+
+USER imagepullsecret-injector-user
diff --git a/charts/imagepullsecret-injector/Chart.yaml b/charts/imagepullsecret-injector/Chart.yaml
index 9e0ff73..79311af 100644
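Review bot: The added `USER imagepullsecret-injector-user` in build/Dockerfile names the account rather than a numeric UID, and `adduser -S` leaves the UID to whatever Alpine allocates at build time. Kubernetes cannot check a named image user against `runAsNonRoot: true`, so a pod that sets that flag without an explicit `runAsUser` is refused at start; the chart's securityContext is not part of this patch, so which of the two it relies on should be confirmed. Fixing the IDs keeps image and manifests in agreement: `addgroup -S -g 10001 imagepullsecret-injector-group && adduser -S -u 10001 -G imagepullsecret-injector-group imagepullsecret-injector-user`, then `USER 10001:10001` (the number is an example value). The same applies to the `USER` line added in build/Dockerfile.cert-generator.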
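Review bot: The rewritten `RUN` in build/Dockerfile.cert-generator still resolves the kubectl release from `stable.txt` at build time and installs the binary without any integrity check, so two builds of the same commit can ship different kubectl versions and a corrupted or substituted download goes unnoticed. `curl -LO` without `-f` will also save an HTTP error body as `kubectl` and let the build continue. Pinning the release and comparing the download against a SHA-256 recorded in the Dockerfile makes the image reproducible and the failure loud. Since the `apk add` line is being touched anyway, `--no-cache` would keep the package index out of the layer. The version and digest in the sketch below are placeholders to be filled in.

```dockerfile
# Placeholders: set to the release you have validated and its published SHA-256.
ARG KUBECTL_VERSION=<PINNED_KUBECTL_VERSION>
ARG KUBECTL_SHA256=<SHA256_OF_THAT_KUBECTL_BINARY>
RUN addgroup -S imagepullsecret-injector-group && adduser -S imagepullsecret-injector-user -G imagepullsecret-injector-group \
    && apk add --no-cache bash curl openssl jq \
    && curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" \
    && echo "${KUBECTL_SHA256}  kubectl" | sha256sum -c - \
    && chmod 755 ./kubectl \
    # … unchanged: mv ./kubectl /usr/bin/kubectl …
```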
--- a/charts/imagepullsecret-injector/Chart.yaml
+++ b/charts/imagepullsecret-injector/Chart.yaml
@@ -20,4 +20,4 @@ version: 0.0.21
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 0.0.11
+appVersion: 0.0.12