Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kubectl-1.34-image for openSUSE:Factory checked in at 2026-05-05 15:16:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kubectl-1.34-image (Old) and /work/SRC/openSUSE:Factory/.kubectl-1.34-image.new.30200 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubectl-1.34-image" Tue May 5 15:16:16 2026 rev:9 rq:1350805 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/kubectl-1.34-image/kubectl-1.34-image.changes 2026-03-27 06:42:30.784653805 +0100 +++ /work/SRC/openSUSE:Factory/.kubectl-1.34-image.new.30200/kubectl-1.34-image.changes 2026-05-05 15:17:35.924639750 +0200 @@ -1,0 +2,5 @@ +Mon May 4 13:01:20 UTC 2026 - SUSE Update Bot <[email protected]> + +- improve handling for running as non-root + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ Dockerfile ++++++ --- /var/tmp/diff_new_pack.sh729C/_old 2026-05-05 15:17:36.424659640 +0200 +++ /var/tmp/diff_new_pack.sh729C/_new 2026-05-05 15:17:36.428659799 +0200 @@ -64,6 +64,7 @@ LABEL io.artifacthub.package.logo-url="https://raw.githubusercontent.com/kubernetes/kubernetes/master/logo/logo.png"; ENTRYPOINT ["kubectl"] -RUN set -euo pipefail; echo "user:x:999:100:User for CLI:/home/user:/usr/sbin/nologin" >> /etc/passwd && install -d -o 999 -g 100 -m 0755 /home/user +RUN set -euo pipefail; echo "user:x:999:100:User for CLI:/home/user:/usr/sbin/nologin" >> /etc/passwd && install -d -o 999 -g 100 -m 0755 /home/user /home/user/.kube + WORKDIR /home/user ++++++ README.md ++++++ --- /var/tmp/diff_new_pack.sh729C/_old 2026-05-05 15:17:36.460661073 +0200 +++ /var/tmp/diff_new_pack.sh729C/_new 2026-05-05 15:17:36.464661231 +0200 @@ -29,7 +29,16 @@ -v /localpath/to/customize:/home/user:Z registry.opensuse.org/opensuse/kubectl:1.34 kustomize --enable-helm ``` +## Running as a regular user +The container provides a preconfigured user called "user" which can be explicitly set to lower the permissions of kubectl within the container + + +```ShellSession +podman run --rm --name kubectl \ + --user user \ + -v /localpath/to/kubeconfig:/home/user/.kube/config:Z \ + registry.opensuse.org/opensuse/kubectl:1.34 version ## Licensing
![https://raw.githubusercontent.com/kubernetes/kubernetes/master/logo/logo.png"](https://raw.githubusercontent.com/kubernetes/kubernetes/master/logo/logo.png"){kind=link}