use uid and gid instead of names

Author: nacx

Dockerfile

@@ -15,7 +15,7 @@
 # Builder image used to create a non-root user and to pick the SSL CA certs from
 FROM alpine:3.18.0 as builder
 RUN apk --update add ca-certificates
-RUN adduser --disabled-password --gecos "" --uid 1001 nonroot
+RUN adduser --disabled-password --gecos "" --uid 65532 nonroot
 
 
 FROM scratch
@@ -31,9 +31,9 @@ COPY --from=builder /etc/group /etc/group
 # Copy the base SSL CA certs so we can make HTTPS requests
 COPY --from=builder /etc/ssl/cert.pem /etc/ssl/cert.pem
 
-# Run as non-root
-USER nonroot:nonroot
-WORKDIR /home/nonroot
+# Run as non-root. We can't use nonroot:nonroot here since in K8s:
+# https://github.com/kubernetes/kubernetes/blob/98eff192802a87c613091223f774a6c789543e74/pkg/kubelet/kuberuntime/security_context_others.go#L49.
+USER 65532:65532
 
 ADD bin/authservice-${FLAVOR}-${TARGETOS}-${TARGETARCH} /usr/local/bin/authservice
 ENTRYPOINT ["/usr/local/bin/authservice"]