Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move to non-root container #103

Merged
merged 1 commit into from
Jun 16, 2020
Merged

Move to non-root container #103

merged 1 commit into from
Jun 16, 2020

Conversation

alex1989hu
Copy link
Contributor

@alex1989hu alex1989hu commented Jun 7, 2020
edited
Loading

  • Add USER statement to run as non-root user
  • Move to gcr.io/distroless/static image

UPDATE:

  • Use gcr.io/distroless/static image
  • Removed user creation
  • Set USER 1001:1001 in Dockerfile

Signed-off-by: Alex Szakaly alex.szakaly@gmail.com

Fixes #102

Proposed changes

#102

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING guide
  • I have proven my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have ensured the README is up to date
  • I have rebased my branch onto master
  • I will ensure my PR is targeting the master branch and pulling from my branch on my own fork

@pleshakov pleshakov added the enhancement Pull requests for new features/feature enhancements label Jun 9, 2020
pleshakov
pleshakov reviewed Jun 10, 2020
View reviewed changes
Copy link
Contributor

@pleshakov pleshakov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @alex1989hu

Thanks for the PR!

I left a comment.

build/Dockerfile Outdated Show resolved Hide resolved
@pleshakov pleshakov requested a review from Rulox June 11, 2020 23:19
lucacome
lucacome reviewed Jun 15, 2020
View reviewed changes
build/Dockerfile Outdated
@@ -9,6 +9,9 @@ COPY collector ./collector
COPY client ./client
RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux go build -mod=vendor -a -installsuffix cgo -ldflags "-X main.version=${VERSION} -X main.gitCommit=${GIT_COMMIT}" -o exporter .

FROM alpine:3.11
FROM gcr.io/distroless/static@sha256:c6d5981545ce1406d33e61434c61e9452dad93ecd8397c41e89036ef977a88f4
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we use latest?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done 🥇

pleshakov
pleshakov approved these changes Jun 15, 2020
View reviewed changes
Copy link
Contributor

@pleshakov pleshakov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!
pending @lucacome comments

@alex1989hu
Move to non-root container
92659d8 
* Add USER statement to run as non-root user
* Move to gcr.io/distroless/static image

Signed-off-by: Alex Szakaly <alex.szakaly@gmail.com>
lucacome
lucacome approved these changes Jun 16, 2020
View reviewed changes
Copy link
Member

@lucacome lucacome left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@lucacome lucacome merged commit e52349f into nginxinc:master Jun 16, 2020
@alex1989hu alex1989hu deleted the feat/non-root-container branch June 16, 2020 20:31
@GCHQDeveloper0985 GCHQDeveloper0985 mentioned this pull request Jun 17, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lucacome lucacome lucacome approved these changes

@pleshakov pleshakov pleshakov approved these changes

@Rulox Rulox Awaiting requested review from Rulox

Assignees
No one assigned
Labels
enhancement Pull requests for new features/feature enhancements
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Non-root container
3 participants
@alex1989hu @lucacome @pleshakov