From 4e0f358e68632ecdb81e419ad215c2e6f34dacc4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juraci=20Paix=C3=A3o=20Kr=C3=B6hling?= Date: Thu, 1 Apr 2021 01:14:28 +0200 Subject: [PATCH] Set unprivileged user to container image (#2838) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Set unprivileged user to container image Signed-off-by: Juraci Paixão Kröhling * Set alpine version to 3.13 Signed-off-by: Juraci Paixão Kröhling --- cmd/otelcol/Dockerfile | 10 +++++++--- examples/demo/app/Dockerfile | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/cmd/otelcol/Dockerfile b/cmd/otelcol/Dockerfile index 4e99c435a63..f80bab5f790 100644 --- a/cmd/otelcol/Dockerfile +++ b/cmd/otelcol/Dockerfile @@ -1,16 +1,20 @@ -FROM alpine:3.12 as certs +FROM alpine:3.13 as certs RUN apk --update add ca-certificates -FROM alpine:3.12 AS otelcol +FROM alpine:3.13 AS otelcol COPY otelcol / # Note that this shouldn't be necessary, but in some cases the file seems to be # copied with the execute bit lost (see #1317) RUN chmod 755 /otelcol FROM scratch + +ARG USER_UID=10001 +USER ${USER_UID} + COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt COPY --from=otelcol /otelcol / COPY config.yaml /etc/otel/config.yaml ENTRYPOINT ["/otelcol"] CMD ["--config", "/etc/otel/config.yaml"] -EXPOSE 55678 55679 +EXPOSE 4317 55678 55679 diff --git a/examples/demo/app/Dockerfile b/examples/demo/app/Dockerfile index 97c758351a7..bd18c87ce35 100644 --- a/examples/demo/app/Dockerfile +++ b/examples/demo/app/Dockerfile @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.14 +FROM golang:1.16 COPY . /usr/src/app/ WORKDIR /usr/src/app/ RUN go env -w GOPROXY=direct