From ee3a60b7d552286b9a0c273fcd70ff7e8235f179 Mon Sep 17 00:00:00 2001
From: Tariq Ibrahim
Date: Tue, 4 Jun 2019 13:25:51 -0700
Subject: [PATCH] make cluster-api-manager container run with a non-root user (#955)
---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index bf3b691a277b..f36c9355d75f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,7 +18,7 @@ FROM golang:1.12.5 as builder
 ARG ARCH
 # Copy in the go src
-WORKDIR $GOPATH/src/sigs.k8s.io/cluster-api
+WORKDIR ${GOPATH}/src/sigs.k8s.io/cluster-api
 COPY pkg/ pkg/
 COPY cmd/ cmd/
 COPY vendor/ vendor/
@@ -30,4 +30,5 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} go build -a -ldflags '-extldflags "-
 FROM gcr.io/distroless/static:latest
 WORKDIR /
 COPY --from=builder /go/src/sigs.k8s.io/cluster-api/manager .
+USER nobody
 ENTRYPOINT ["/manager"]
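Review bot: `USER nobody` on the added line names the account instead of giving a numeric UID, so a pod spec with `runAsNonRoot: true` cannot be verified by the kubelet, which refuses images whose user is non-numeric. The name is also resolved against the `/etc/passwd` of whatever image `gcr.io/distroless/static:latest` currently points to, so the effective UID is not pinned by this file. I would write the line as `USER 65534:65534` (the UID `nobody` conventionally maps to; confirm against the base image) with a comment such as `# numeric UID so runAsNonRoot can be enforced`. Alternatively the final stage could use the `gcr.io/distroless/static:nonroot` variant, which already defaults to an unprivileged user. The manager binary stays root-owned under `/`, which is fine provided it never writes there; that cannot be checked from this hunk.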