aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHuabing Zhao <zhaohuabing@gmail.com>2019-04-11 02:09:56 +0000
committerHuabing Zhao <zhaohuabing@gmail.com>2019-04-11 02:11:20 +0000
commite8adf17d10549708f6459d989cefa100a26d06f1 (patch)
treec1c058c499a2684d3980b333da5aab601cf43bc5
parent8f8a661e782185b48741947ddd2a48a9a9afce33 (diff)
Run kube2ms registrator as non-root user
Change-Id: I2165e080af7c6027548288432c8437503903ee12 Issue-ID: MSB-322 Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
-rw-r--r--build/docker/Dockerfile5
1 files changed, 5 insertions, 0 deletions
diff --git a/build/docker/Dockerfile b/build/docker/Dockerfile
index f25e592..511964d 100644
--- a/build/docker/Dockerfile
+++ b/build/docker/Dockerfile
@@ -1,4 +1,9 @@
FROM alpine:3.3
COPY kube2msb /bin/
+RUN addgroup -g 1000 msb && \
+ adduser -D -u 1000 -G msb msb && \
+ chown msb:msb /bin/kube2msb
+USER msb
+
ENTRYPOINT /bin/kube2msb --kube_master_url=${KUBE_MASTER_URL} --auth_token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) --msb_url=${MSB_URL}