diff --git a/Dockerfile b/Dockerfile
index bd008135..d3dd15de 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,12 +1,17 @@
 FROM alpine:3.18.2
 ARG TARGETDIR
+ARG USERNAME
-RUN addgroup -S -g 65532 ng-user && \
+RUN if [ "$USERNAME" = "ng-user" ]; then \
+ addgroup -S -g 65532 ng-user && \
 adduser -S -D -H -u 65532 \
- -s /sbin/nologin -G ng-user -g ng-user ng-user
+ -s /sbin/nologin -G ng-user -g ng-user ng-user; \
+ fi
 ADD bin/${TARGETDIR}/controller-manager /usr/local/bin/controller-manager
-ADD bin/${BUILDPLATFORM}/autoscaler /usr/local/bin/autoscaler
+ADD bin/${TARGETDIR}/autoscaler /usr/local/bin/autoscaler
 ADD bin/${TARGETDIR}/scheduler /usr/local/bin/scheduler
-USER 65532:65532
+
+# [Optional] Set the default user. Omit if you want to keep the default as root.
+USER $USERNAME
diff --git a/Dockerfile.multiarch b/Dockerfile.multiarch
index 6cdb09d3..c9f0a23a 100644
--- a/Dockerfile.multiarch
+++ b/Dockerfile.multiarch
@@ -2,10 +2,13 @@ FROM alpine:3.18.2
 ARG TARGETPLATFORM
 ARG TARGETARCH
+ARG USERNAME
-RUN addgroup -S -g 65532 ng-user && \
+RUN if [ "$USERNAME" = "ng-user" ]; then \
+ addgroup -S -g 65532 ng-user && \
 adduser -S -D -H -u 65532 \
- -s /sbin/nologin -G ng-user -g ng-user ng-user
+ -s /sbin/nologin -G ng-user -g ng-user ng-user; \
+ fi
 RUN apk update \
 && apk upgrade \
@@ -25,4 +28,6 @@ ADD charts/nebula-operator/crds/nebularestores.yaml /tmp/nebula-operator/nebular
 ADD bin/${TARGETPLATFORM}/controller-manager /usr/local/bin/controller-manager
 ADD bin/${TARGETPLATFORM}/autoscaler /usr/local/bin/autoscaler
 ADD bin/${TARGETPLATFORM}/scheduler /usr/local/bin/scheduler
-USER 65532:65532
+
+# [Optional] Set the default user. Omit if you want to keep the default as root.
+USER $USERNAME
diff --git a/Makefile b/Makefile
index 37575286..49f692ee 100644
--- a/Makefile
+++ b/Makefile
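Review bot: In Dockerfile, `ARG USERNAME` is declared without a default, so a build that omits `--build-arg USERNAME=...` skips the `addgroup`/`adduser` step and leaves `USER $USERNAME` expanding to an empty string; the image then most likely runs as root, where it previously always ran as 65532. Declaring `ARG USERNAME=ng-user` keeps the non-root default and makes root an explicit opt-in. The same applies to the `ARG USERNAME` added in the first Dockerfile.multiarch hunk. The new comment above `USER` should also say where the value comes from, for example `# Runs as $USERNAME (build arg); pass USERNAME=root only when root is required.`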
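Review bot: In the first Dockerfile.multiarch hunk, the guard `[ "$USERNAME" = "ng-user" ]` creates the account only for that one literal, yet any other value is still handed to `USER` at the end of the file. A misspelt or different non-root name therefore produces an image whose configured user has no passwd entry, which typically surfaces only when the container is started. Consider failing the build for unexpected values by adding, before `fi`, a branch such as `elif [ "$USERNAME" != "root" ]; then echo "unsupported USERNAME: $USERNAME" >&2; exit 1; \`. The identical guard in Dockerfile has the same gap.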
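Review bot: In the second Dockerfile.multiarch hunk, `USER $USERNAME` records a user name in the image where `USER 65532:65532` recorded a numeric UID, and the kubelet cannot check `runAsNonRoot: true` against a non-numeric image user. Pods that set that field without an explicit `runAsUser` would then be refused at start, so this is worth confirming against the chart's securityContext, which is not visible here. Keeping the identity numeric avoids it, e.g. `ARG USER_ID=65532` with `USER ${USER_ID}:${USER_ID}` and `USER_ID=0` as the root opt-in. The `USER` line in Dockerfile has the same issue.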
@@ -5,6 +5,7 @@ LDFLAGS = $(if $(DEBUGGER),,-s -w) $(shell ./hack/version.sh)
 DOCKER_REGISTRY ?= docker.io
 DOCKER_REPO ?= ${DOCKER_REGISTRY}/vesoft
+USERNAME ?= ng-user
 IMAGE_TAG ?= v1.7.5
 CHARTS_VERSION ?= 1.7.5
@@ -105,6 +106,7 @@ docker-multiarch: ensure-buildx ## Build and push the nebula-operator multiarchi
 --progress plain \
 --platform $(BUILDX_PLATFORMS) \
 --file Dockerfile.multiarch \
+ --build-arg USERNAME=${USERNAME} \
 -t "${DOCKER_REPO}/nebula-operator:${IMAGE_TAG}" .
 alpine-tools: ## Build and push the alpine-tools docker images and manifest.
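Review bot: `USERNAME ?= ng-user` only takes effect when no variable of that name is already defined, and make imports the environment, so a shell that exports `USERNAME` (as Windows and MSYS shells do) silently replaces `ng-user` with the login name. That value then fails the `= "ng-user"` test in the Dockerfiles, so no account is created while `USER` is still set to it. A project-specific name avoids the collision, e.g. `IMAGE_USER ?= ng-user` passed as `--build-arg USERNAME=${IMAGE_USER}`. A short comment above the variable stating the accepted values would also help, such as `# Image user: ng-user (UID 65532, default) or root.`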
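Review bot: The build argument is added to the `docker-multiarch` recipe only; the commit also adds `ARG USERNAME` and `USER $USERNAME` to the plain `Dockerfile`, but no hunk here passes the argument to a recipe that builds it, so that image may end up with an empty `USER`. If such a recipe exists outside this diff, it needs the same flag. The value is also interpolated unquoted; `--build-arg "USERNAME=${USERNAME}" \` keeps an unexpected value from being split by the shell. The recipe starts and ends outside the hunk.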