Run init-container as non-root user for 4.1; change base image

Signed-off-by: Arnob kumar saha <arnob@appscode.com>
kubedb · Nov 23, 2023 · ea5433f · ea5433f
1 parent 9dfd0b0
commit ea5433f
Show file tree

Hide file tree

Showing 3 changed files with 87 additions and 4 deletions.
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
diff --git a/Dockerfile b/Dockerfile
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM debian:stretch as builder
+FROM debian:bookworm as builder
 
 ENV DEBIAN_FRONTEND noninteractive
 ENV DEBCONF_NONINTERACTIVE_SEEN true

diff --git a/install.sh b/install.sh
@@ -49,7 +49,6 @@ if [[ "$SSL_MODE" != "disabled" ]] && [[ -f "$client_pem" ]]; then
     envsubst '${INJECT_USER}' <${INIT_DIR}/replicaset.sh >${DEST_DIR}/replicaset.sh
     envsubst '${INJECT_USER}' <${INIT_DIR}/sharding.sh >${DEST_DIR}/sharding.sh
     envsubst '${INJECT_USER}' <${INIT_DIR}/mongos.sh >${DEST_DIR}/mongos.sh
-    rm ${INIT_DIR}/replicaset.sh ${INIT_DIR}/mongos.sh ${INIT_DIR}/sharding.sh
     chmod -c 755 ${DEST_DIR}/replicaset.sh ${DEST_DIR}/sharding.sh ${DEST_DIR}/mongos.sh
 fi
 
@@ -69,6 +68,5 @@ fi
 
 if [ -f "/keydir-readonly/key.txt" ]; then
     cp /keydir-readonly/key.txt /data/configdb/key.txt
-    chmod 600 /data/configdb/key.txt
-    chown -R 1001:0 /data/configdb/key.txt
+    chmod 400 /data/configdb/key.txt
 fi