Then, before you start the microservice, the USER <username> [3] switches to this user.
While that is true and might be of help while building an image, it is my understanding that it would be a mistake to let the image tell the operator what user to use unless we have full control over the the image we run. E.g. you could drop line USER node from Dockerfile and when I rebuild or pull the image again next time, I'd start running the image as user root. (If I had a line in docker-compose.yml or my Docker command line running the image, I would be safe against that kind of change.)
The current text mentions:
While that is true and might be of help while building an image, it is my understanding that it would be a mistake to let the image tell the operator what user to use unless we have full control over the the image we run. E.g. you could drop line
USER nodefrom Dockerfile and when I rebuild or pull the image again next time, I'd start running the image as userroot. (If I had a line indocker-compose.ymlor my Docker command line running the image, I would be safe against that kind of change.)What do you think?