Merge pull request #187 from sebastiangaiser/master
fix(Dockerfile): bump alpine version and set uid for 'kafka-proxy' …
everesio authored Jan 19, 2025
2 parents 33d1e9f + a22e953 commit 043c04a
Showing 3 changed files with 26 additions and 5 deletions.
4 changes: 2 additions & 2 deletions Dockerfile
@@ -1,4 +1,4 @@
FROM --platform=$BUILDPLATFORM golang:1.22-alpine3.19 AS builder
FROM --platform=$BUILDPLATFORM golang:1.22-alpine3.21 AS builder
RUN apk add alpine-sdk ca-certificates

ARG TARGETOS
@@ -21,7 +21,7 @@ RUN mkdir -p build && \
go build -mod=vendor -o build/kafka-proxy \
-ldflags "${LDFLAGS}" .

FROM --platform=$BUILDPLATFORM alpine:3.19
FROM --platform=$BUILDPLATFORM alpine:3.21
RUN apk add --no-cache ca-certificates libcap
RUN adduser \
--disabled-password \
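Review bot: The runtime stage `FROM --platform=$BUILDPLATFORM alpine:3.21` still resolves its base image for the build host's platform instead of the target platform, which is what Docker uses when `--platform` is omitted. Because the builder stage declares `ARG TARGETOS` and so presumably cross-compiles, a multi-arch build would likely pair a target-architecture binary with a build-architecture Alpine userland; consider plain `FROM alpine:3.21` here, accepting that this stage's `RUN apk add` and `adduser` steps then run under emulation when cross-building. The same line appears in the runtime stage of Dockerfile.all. Both bumped tags are also mutable, so pinning them as `alpine:3.21@sha256:<digest>` would make the base reproducible and auditable. The rest of this stage is collapsed on the page, so this is based only on the visible lines.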
5 changes: 2 additions & 3 deletions Dockerfile.all
@@ -1,4 +1,4 @@
FROM --platform=$BUILDPLATFORM golang:1.22-alpine3.19 AS builder
FROM --platform=$BUILDPLATFORM golang:1.22-alpine3.21 AS builder
RUN apk add alpine-sdk ca-certificates

ARG TARGETOS
@@ -27,7 +27,7 @@ RUN mkdir -p build && \
go build -mod=vendor -o build/unsecured-jwt-provider -ldflags "${LDFLAGS}" cmd/plugin-unsecured-jwt-provider/main.go && \
go build -mod=vendor -o build/oidc-provider -ldflags "${LDFLAGS}" cmd/plugin-oidc-provider/main.go

FROM --platform=$BUILDPLATFORM alpine:3.19
FROM --platform=$BUILDPLATFORM alpine:3.21
RUN apk add --no-cache ca-certificates libcap
RUN adduser \
--disabled-password \
@@ -50,4 +50,3 @@ RUN setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/kafka-proxy && \
USER kafka-proxy
ENTRYPOINT ["/opt/kafka-proxy/bin/kafka-proxy"]
CMD ["--help"]

22 changes: 22 additions & 0 deletions README.md
@@ -496,6 +496,17 @@ spec:
ports:
- name: metrics
containerPort: 9080
securityContext:
runAsNonRoot: true
runAsUser: 65534
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
seccompProfile:
type: RuntimeDefault
livenessProbe:
httpGet:
path: /health
@@ -591,6 +602,17 @@ spec:
mountPath: "/var/run/secret/kafka-client-certificate"
- name: "tls-client-key-file"
mountPath: "/var/run/secret/kafka-client-key"
securityContext:
runAsNonRoot: true
runAsUser: 65534
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
seccompProfile:
type: RuntimeDefault
ports:
- name: metrics
containerPort: 9080
