security image

Signed-off-by: liheng.zms <liheng.zms@alibaba-inc.com>

Author: zmberg

Dockerfile_multiarch

@@ -1,7 +1,7 @@
 # Build the manager binary
 ARG BASE_IMAGE=alpine
 ARG BASE_IMAGE_VERION=3.17
-FROM --platform=$BUILDPLATFORM golang:1.18-alpine3.17 as builder
+FROM --platform=$BUILDPLATFORM golang:1.19-alpine3.17 as builder
 
 WORKDIR /workspace
 
@@ -23,12 +23,25 @@ ARG BASE_IMAGE
 ARG BASE_IMAGE_VERION
 FROM ${BASE_IMAGE}:${BASE_IMAGE_VERION}
 
-RUN apk add --no-cache ca-certificates=~20220614-r4 bash=~5.2.15-r0 expat=~2.5.0-r0 \
-    && rm -rf /var/cache/apk/*
+RUN set -eux; \
+    apk --no-cache --update upgrade && \
+    apk --no-cache add ca-certificates && \
+    apk --no-cache add tzdata && \
+    rm -rf /var/cache/apk/* && \
+    update-ca-certificates && \
+    echo "only include root and nobody user" && \
+    echo -e "root:x:0:0:root:/root:/bin/ash\nnobody:x:65534:65534:nobody:/:/sbin/nologin" | tee /etc/passwd && \
+    echo -e "root:x:0:root\nnobody:x:65534:" | tee /etc/group && \
+    rm -rf /usr/local/sbin/* && \
+    rm -rf /usr/local/bin/* && \
+    rm -rf /usr/sbin/* && \
+    rm -rf /usr/bin/* && \
+    rm -rf /sbin/* && \
+    rm -rf /bin/*
 
 WORKDIR /
 COPY --from=builder /workspace/manager .
 COPY lua_configuration /lua_configuration
-USER 1000
+USER 65534
 
 ENTRYPOINT ["/manager"]