Skip to content

Commit e9a30db

Browse files
jbuschejbusche
committed
non-root controller container
Signed-off-by: James Busche <jbusche@us.ibm.com> rebased to fix controller version
1 parent 9d8ff1c commit e9a30db

File tree

2 files changed

+9
-2
lines changed

2 files changed

+9
-2
lines changed

CONTROLLER_VERSION

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
1.29.53
1+
1.29.54

deployment/Dockerfile.both

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,10 +5,17 @@ ADD mcad-controller /usr/local/bin
55
RUN true \
66
&& microdnf update \
77
&& microdnf --nodocs install \
8-
curl \
8+
curl shadow-utils \
99
&& microdnf clean all \
1010
&& true
1111

1212
RUN cd /usr/local/bin && curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && chmod +x kubectl
1313

1414
WORKDIR /usr/local/bin
15+
16+
RUN groupadd --system --gid=9999 mcad && \
17+
useradd --system --create-home --uid=9999 --gid=mcad mcad
18+
19+
RUN chown -R mcad:mcad /usr/local/bin
20+
21+
USER mcad

0 commit comments

Comments
 (0)