Skip to content

Commit

Permalink
chore(lib-injection): use non-root user in image (#4490)
Browse files Browse the repository at this point in the history 
Containers using the root user can be blocked in Kubernetes which makes
our lib injection image incompatible with certain Kubernetes
configurations.

The solution is to simply add and use a non-root user in the image.
  • Loading branch information
@Kyle-Verhoog
Kyle-Verhoog authored Nov 8, 2022
1 parent a23bc0a commit 22fecd9
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 1 deletion.
4 changes: 3 additions & 1 deletion lib-injection/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,9 @@
# and auto instrument Python applications in containerized environments.
FROM busybox

RUN addgroup -g 1000 -S datadog && \
adduser -u 1000 -S datadog -G datadog
USER datadog
WORKDIR /datadog-init

ADD sitecustomize.py /datadog-init/sitecustomize.py
ADD copy-lib.sh /datadog-init/copy-lib.sh
4 changes: 4 additions & 0 deletions releasenotes/notes/lib-injection-user-19a5b5516c060d8b.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
---
other:
- |
Kubernetes library injection: run commands as non-root user.

0 comments on commit 22fecd9

Please sign in to comment.