lhotari
commented
5 months ago Please review and merge @freeznet @jiangpengcheng @nlu90 . Thanks!
Closed lhotari closed 5 months ago
lhotari
commented
5 months ago Please review and merge @freeznet @jiangpengcheng @nlu90 . Thanks!
Motivation
Tanzu Kubernetes Grid 1.22.9 requires that docker images have numeric userids. Running an distroless nonroot image with "USER nonroot:nonroot" will fail to start with this error when default pod security policy is enabled: "Error: container has runAsNonRoot and image has non-numeric user (nonroot), cannot verify user is non-root"
Modifications
Replace
USER nonroot:nonrootwithUSER 65532:65532. Similar solution is commonly used for images using distroless nonroot base image. For example, https://github.com/grafana/loki/blob/main/operator/Dockerfile#L26Documentation
Check the box below.
Need to update docs?
[ ]
doc-required(If you need help on updating docs, create a doc issue)
[x]
no-need-doc(Please explain why)
[ ]
doc(If this PR contains doc changes)