Set unprivileged user to container image

jpkrohling · jpkrohling · commit f3e18d1f8aab · 2021-03-29T21:31:58.000+02:00
Signed-off-by: Juraci Paixão Kröhling &lt;juraci@kroehling.de&gt;
diff --git a/cmd/otelcol/Dockerfile b/cmd/otelcol/Dockerfile
@@ -1,16 +1,20 @@
-FROM alpine:3.12 as certs
+FROM alpine:latest as certs
 RUN apk --update add ca-certificates
 
-FROM alpine:3.12 AS otelcol
+FROM alpine:latest AS otelcol
 COPY otelcol /
 # Note that this shouldn't be necessary, but in some cases the file seems to be
 # copied with the execute bit lost (see #1317)
 RUN chmod 755 /otelcol
 
 FROM scratch
+
+ARG USER_UID=10001
+USER ${USER_UID}
+
 COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY --from=otelcol /otelcol /
 COPY config.yaml /etc/otel/config.yaml
 ENTRYPOINT ["/otelcol"]
 CMD ["--config", "/etc/otel/config.yaml"]
-EXPOSE 55678 55679
+EXPOSE 4317 55678 55679
diff --git a/examples/demo/app/Dockerfile b/examples/demo/app/Dockerfile
@@ -11,7 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-FROM golang:1.14
+FROM golang:1.16
 COPY . /usr/src/app/
 WORKDIR /usr/src/app/
 RUN go env -w GOPROXY=direct
