Open nogweii opened 1 week ago
... there is nothing that requires root privileges inside the container, right?
None that I know of!
Did some quick testing, didn't see any issues with the non-root image. I do think it's a great idea to encourage non-root as default - so I'll put in a PR to update the docker image.
As of docker.io/benfiola/minio-operator-ext:2.2.0 - we should be using a non-root image. Let me know if you run into any issues with it.
As mentioned in the other thread, it looks like the latest / 2.2.0 image only has one layer, and does not include the operator binary itself.
Yep! The image should be fixed as of version 2.2.1! :tada:
I've done so in my PR (#20) but bringing it up separately so that it might be integrated into the Dockerfile - there is nothing that requires root privileges inside the container, right?
If so, might I recommend basing the final layer not on scratch but on gcr.io/distroless/static-debian12:nonroot instead?