From c78c3fd09826f8c53093ee94ec96eedb772cbdbe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juraci=20Paix=C3=A3o=20Kr=C3=B6hling?= <juraci@kroehling.de>
Date: Mon, 29 Mar 2021 18:08:37 +0200
Subject: [PATCH] Set unprivileged user to container image
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Juraci Paixão Kröhling <juraci@kroehling.de>
---
 cmd/otelcontribcol/Dockerfile                             | 6 +++++-
 examples/tracing/Dockerfile                               | 8 ++++++--
 exporter/loadbalancingexporter/example/Dockerfile         | 8 ++++++--
 exporter/lokiexporter/example/Dockerfile                  | 8 ++++++--
 exporter/splunkhecexporter/example/Dockerfile             | 8 ++++++--
 .../examples/federation/prom-counter/Dockerfile           | 2 +-
 6 files changed, 30 insertions(+), 10 deletions(-)

diff --git a/cmd/otelcontribcol/Dockerfile b/cmd/otelcontribcol/Dockerfile
index 363d9c18d3e72..4c642ff666d50 100644
--- a/cmd/otelcontribcol/Dockerfile
+++ b/cmd/otelcontribcol/Dockerfile
@@ -2,8 +2,12 @@ FROM alpine:latest as certs
 RUN apk --update add ca-certificates
 
 FROM scratch
+
+ARG USER_UID=10001
+USER ${USER_UID}
+
 COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY otelcontribcol /
-EXPOSE 55680 55679
+EXPOSE 4317 55680 55679
 ENTRYPOINT ["/otelcontribcol"]
 CMD ["--config", "/etc/otel/config.yaml"]
diff --git a/examples/tracing/Dockerfile b/examples/tracing/Dockerfile
index fc7b73d7cb6c1..92c6042e8864b 100644
--- a/examples/tracing/Dockerfile
+++ b/examples/tracing/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.14 AS build
+FROM golang:1.16 AS build
 
 WORKDIR /src
 ADD . /src
@@ -9,7 +9,11 @@ FROM alpine:latest as certs
 RUN apk --update add ca-certificates
 
 FROM scratch
+
+ARG USER_UID=10001
+USER ${USER_UID}
+
 COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY --from=build /src/bin/otelcontribcol_linux_amd64 /otelcontribcol
 ENTRYPOINT ["/otelcontribcol"]
-EXPOSE 55680 55679
+EXPOSE 4317 55680 55679
diff --git a/exporter/loadbalancingexporter/example/Dockerfile b/exporter/loadbalancingexporter/example/Dockerfile
index fc7b73d7cb6c1..92c6042e8864b 100644
--- a/exporter/loadbalancingexporter/example/Dockerfile
+++ b/exporter/loadbalancingexporter/example/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.14 AS build
+FROM golang:1.16 AS build
 
 WORKDIR /src
 ADD . /src
@@ -9,7 +9,11 @@ FROM alpine:latest as certs
 RUN apk --update add ca-certificates
 
 FROM scratch
+
+ARG USER_UID=10001
+USER ${USER_UID}
+
 COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY --from=build /src/bin/otelcontribcol_linux_amd64 /otelcontribcol
 ENTRYPOINT ["/otelcontribcol"]
-EXPOSE 55680 55679
+EXPOSE 4317 55680 55679
diff --git a/exporter/lokiexporter/example/Dockerfile b/exporter/lokiexporter/example/Dockerfile
index fc7b73d7cb6c1..92c6042e8864b 100644
--- a/exporter/lokiexporter/example/Dockerfile
+++ b/exporter/lokiexporter/example/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.14 AS build
+FROM golang:1.16 AS build
 
 WORKDIR /src
 ADD . /src
@@ -9,7 +9,11 @@ FROM alpine:latest as certs
 RUN apk --update add ca-certificates
 
 FROM scratch
+
+ARG USER_UID=10001
+USER ${USER_UID}
+
 COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY --from=build /src/bin/otelcontribcol_linux_amd64 /otelcontribcol
 ENTRYPOINT ["/otelcontribcol"]
-EXPOSE 55680 55679
+EXPOSE 4317 55680 55679
diff --git a/exporter/splunkhecexporter/example/Dockerfile b/exporter/splunkhecexporter/example/Dockerfile
index fc7b73d7cb6c1..92c6042e8864b 100644
--- a/exporter/splunkhecexporter/example/Dockerfile
+++ b/exporter/splunkhecexporter/example/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.14 AS build
+FROM golang:1.16 AS build
 
 WORKDIR /src
 ADD . /src
@@ -9,7 +9,11 @@ FROM alpine:latest as certs
 RUN apk --update add ca-certificates
 
 FROM scratch
+
+ARG USER_UID=10001
+USER ${USER_UID}
+
 COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY --from=build /src/bin/otelcontribcol_linux_amd64 /otelcontribcol
 ENTRYPOINT ["/otelcontribcol"]
-EXPOSE 55680 55679
+EXPOSE 4317 55680 55679
diff --git a/receiver/simpleprometheusreceiver/examples/federation/prom-counter/Dockerfile b/receiver/simpleprometheusreceiver/examples/federation/prom-counter/Dockerfile
index 17c9a0198d62b..28fd065ce4df7 100644
--- a/receiver/simpleprometheusreceiver/examples/federation/prom-counter/Dockerfile
+++ b/receiver/simpleprometheusreceiver/examples/federation/prom-counter/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.14-stretch
+FROM golang:1.16-stretch
 
 WORKDIR /go/src/app