Skip to content

Commit 22e8c06

Browse files
authored
target allocator don't run as root (#3385)
1 parent f374ea3 commit 22e8c06

File tree

2 files changed

+20
-2
lines changed

2 files changed

+20
-2
lines changed

.chloggen/ta-no-root.yaml

+16
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
2+
change_type: bug_fix
3+
4+
# The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action)
5+
component: target allocator
6+
7+
# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
8+
note: Change docker image to run as non-root
9+
10+
# One or more tracking issues related to the change
11+
issues: [3378]
12+
13+
# (Optional) One or more lines of additional information to render under the primary note.
14+
# These lines will be padded with 2 spaces and then inserted directly into the document.
15+
# Use pipe (|) for multiline entries.
16+
subtext:

cmd/otel-allocator/Dockerfile

+4-2
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
# Get CA certificates from the Alpine package repo
2-
FROM alpine:3.20 as certificates
2+
FROM alpine:3.20 AS certificates
33

44
RUN apk --no-cache add ca-certificates
55

@@ -8,12 +8,14 @@ FROM scratch
88

99
ARG TARGETARCH
1010

11-
WORKDIR /root/
11+
WORKDIR /
1212

1313
# Copy the certs
1414
COPY --from=certificates /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
1515

1616
# Copy binary built on the host
1717
COPY bin/targetallocator_${TARGETARCH} ./main
1818

19+
USER 65532:65532
20+
1921
ENTRYPOINT ["./main"]

0 commit comments

Comments
 (0)