Skip to content

Commit bfd3a31

Browse files
almaslennikovalmaslennikov
authored
Merge pull request #85 from almaslennikov/non-root
fix: set user as nonroot in operator and webhook images
2 parents 0db74db + ca4d1f1 commit bfd3a31

File tree

2 files changed

+2
-0
lines changed

2 files changed

+2
-0
lines changed

Dockerfile.nvidia

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,7 @@ RUN make _build-manager BIN_PATH=build/_output/cmd
2525
RUN make _build-sriov-network-operator-config-cleanup BIN_PATH=build/_output/cmd
2626

2727
FROM nvcr.io/nvidia/doca/doca:3.0.0-base-rt-host
28+
USER 65532:65532
2829
COPY --from=builder /go/src/github.com/k8snetworkplumbingwg/sriov-network-operator/build/_output/cmd/manager /usr/bin/sriov-network-operator
2930
COPY --from=builder /go/src/github.com/k8snetworkplumbingwg/sriov-network-operator/build/_output/cmd/sriov-network-operator-config-cleanup /usr/bin/sriov-network-operator-config-cleanup
3031
COPY bindata /bindata

Dockerfile.webhook.nvidia

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@ COPY . .
2424
RUN make _build-webhook BIN_PATH=build/_output/cmd
2525

2626
FROM nvcr.io/nvidia/doca/doca:3.0.0-base-rt-host
27+
USER 65532:65532
2728
LABEL io.k8s.display-name="sriov-network-webhook" \
2829
io.k8s.description="This is an admission controller webhook that mutates and validates customer resources of sriov network operator."
2930
USER 1001

0 commit comments

Comments
 (0)