From 35acafb67da086ac0ee061d31f806771e3929346 Mon Sep 17 00:00:00 2001
From: Nathan Coleman <nathan.coleman@hashicorp.com>
Date: Fri, 11 Aug 2023 15:05:39 -0400
Subject: [PATCH] Use nonroot version of distroless debian, run as nonroot user

---
 Dockerfile | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 5fb1f31f..9eb705ed 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,7 +20,7 @@ RUN apk add dumb-init
 
 # release-default release image
 # -----------------------------------
-FROM gcr.io/distroless/base-debian11 AS release-default
+FROM gcr.io/distroless/base-debian11:nonroot AS release-default
 
 ARG BIN_NAME
 ARG PRODUCT_VERSION
@@ -44,8 +44,6 @@ COPY --from=envoy-binary /usr/local/bin/envoy /usr/local/bin/
 COPY --from=dumb-init /usr/bin/dumb-init /usr/local/bin/
 COPY dist/$TARGETOS/$TARGETARCH/$BIN_NAME /usr/local/bin/
 
-USER 100
-
 ENTRYPOINT ["/usr/local/bin/dumb-init", "/usr/local/bin/consul-dataplane"]
 
 # Red Hat UBI-based image