Skip to content

Commit

Permalink
Merge pull request #70 from funkypenguin/make-psps-happy
Browse files Browse the repository at this point in the history 
Use numeric UID/GID to satisfy PSPs
  • Loading branch information
@axdotl
axdotl authored Apr 28, 2020
2 parents 7e7fbf9 + 9116e56 commit fb6f71d
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ RUN apk add --no-cache gcc && \

COPY sidecar/* ./

#run as non-privileged user
USER nobody
# Use the nobody user's numeric UID/GID to satisfy MustRunAsNonRoot PodSecurityPolicies
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/#users-and-groups
USER 65534:65534

CMD [ "python", "-u", "/app/sidecar.py" ]

0 comments on commit fb6f71d

Please sign in to comment.