Run as non-root by default

benfiola / minio-operator-ext

A Kubernetes operator that allows for declarative management of MinIO resources

12 stars 1 forks source link

Run as non-root by default #21

Open nogweii opened 1 week ago

nogweii commented 1 week ago

I've done so in my PR (#20) but bringing it up separately so that it might be integrated into the Dockerfile - there is nothing that requires root privileges inside the container, right?

If so, might I recommend basing the final layer not on scratch but on gcr.io/distroless/static-debian12:nonroot instead?

benfiola commented 1 week ago

... there is nothing that requires root privileges inside the container, right?

None that I know of!

Did some quick testing, didn't see any issues with the non-root image. I do think it's a great idea to encourage non-root as default - so I'll put in a PR to update the docker image.

benfiola commented 1 week ago

As of docker.io/benfiola/minio-operator-ext:2.2.0 - we should be using a non-root image. Let me know if you run into any issues with it.

nogweii commented 1 week ago

As mentioned in the other thread, it looks like the latest / 2.2.0 image only has one layer, and does not include the operator binary itself.

benfiola commented 1 week ago

Yep! The image should be fixed as of version 2.2.1! :tada: