diff --git a/CHANGELOG.md b/CHANGELOG.md index 485ca15b62..dca8190444 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -27,6 +27,7 @@ We use *breaking :warning:* to mark changes that are not backward compatible (re - [#6168](https://github.com/thanos-io/thanos/pull/6168) Receiver: Make ketama hashring fail early when configured with number of nodes lower than the replication factor. - [#6201](https://github.com/thanos-io/thanos/pull/6201) Query-Frontend: Disable absent and absent_over_time for vertical sharding. - [#6212](https://github.com/thanos-io/thanos/pull/6212) Query-Frontend: Disable scalar for vertical sharding. +- [#6107](https://github.com/thanos-io/thanos/pull/6082) Change default user id in container image from 0(root) to 1001 ### Removed diff --git a/Dockerfile b/Dockerfile index 5c67815a70..74dc0f2c1a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,4 +5,11 @@ LABEL maintainer="The Thanos Authors" COPY /thanos_tmp_for_docker /bin/thanos +RUN adduser \ + -D `#Dont assign a password` \ + -H `#Dont create home directory` \ + -u 1001 `#User id`\ + thanos && \ + chown thanos /bin/thanos +USER 1001 ENTRYPOINT [ "/bin/thanos" ] diff --git a/Dockerfile.multi-arch b/Dockerfile.multi-arch index 756b3e83c3..2660ccf6e7 100644 --- a/Dockerfile.multi-arch +++ b/Dockerfile.multi-arch @@ -9,4 +9,11 @@ ARG OS="linux" COPY .build/${OS}-${ARCH}/thanos /bin/thanos +RUN adduser \ + -D `#Dont assign a password` \ + -H `#Dont create home directory` \ + -u 1001 `#User id`\ + thanos && \ + chown thanos /bin/thanos +USER 1001 ENTRYPOINT [ "/bin/thanos" ] diff --git a/Dockerfile.multi-stage b/Dockerfile.multi-stage index 55cb89cbc6..1573e3114b 100644 --- a/Dockerfile.multi-stage +++ b/Dockerfile.multi-stage @@ -21,4 +21,11 @@ LABEL maintainer="The Thanos Authors" COPY --from=builder /go/bin/thanos /bin/thanos +RUN adduser \ + -D `#Dont assign a password` \ + -H `#Dont create home directory` \ + -u 1001 `#User id`\ + thanos && \ + chown thanos /bin/thanos +USER 1001 ENTRYPOINT [ "/bin/thanos" ]