From 9116e566303dd585dc97eea137e0da13dcaaf637 Mon Sep 17 00:00:00 2001
From: David Young
Date: Sat, 28 Mar 2020 10:10:41 +1300
Subject: [PATCH] Use numeric UID/GID to satisfy PSPs

Signed-off-by: David Young
---
 Dockerfile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 7a74c6a..3664a6a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,6 +10,8 @@ RUN apk add --no-cache gcc && \
 
 COPY sidecar/* ./
 
-#run as non-privileged user
-USER nobody
+# Use the nobody user's numeric UID/GID to satisfy MustRunAsNonRoot PodSecurityPolicies
+# https://kubernetes.io/docs/concepts/policy/pod-security-policy/#users-and-groups
+USER 65534:65534
+
 CMD [ "python", "-u", "/app/sidecar.py" ]
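Review bot: The comment added above `USER 65534:65534` explains the numeric form only in terms of PodSecurityPolicy, but the same constraint applies to any pod that sets `securityContext.runAsNonRoot: true`, because the kubelet refuses to start an image whose USER is a name it cannot verify as non-root. I would word it as `# Numeric UID:GID so runAsNonRoot can be verified (a named USER cannot be checked); 65534 is nobody in this base image`. The FROM line is outside the hunk; the `apk` call suggests Alpine, where nobody is 65534:65534, so that mapping is worth confirming against the actual base image. Because 65534 is also the ID that unmapped NFS and user-namespace owners resolve to, a dedicated unprivileged UID would isolate the sidecar better if it ever shares a volume with other workloads.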