[cloudstack-kubernetes-provider] branch master updated: use non-root container (#25)

rohit Thu, 22 Apr 2021 02:48:21 -0700

This is an automated email from the ASF dual-hosted git repository.

rohit pushed a commit to branch master
in repository 
https://gitbox.apache.org/repos/asf/cloudstack-kubernetes-provider.git



The following commit(s) were added to refs/heads/master by this push:
     new 25cb3ec  use non-root container (#25)
25cb3ec is described below

commit 25cb3ecdf8e3555bb34c5454f3965aa8b3a7de7c
Author: Joshua Hügli <[email protected]>
AuthorDate: Thu Apr 22 11:48:06 2021 +0200

    use non-root container (#25)
    
    * use non-root container
    
    * use distroless
    
    * remove ca-certificates..
    as they are already installed with distroless
---
 Dockerfile      | 10 ++++------
 deployment.yaml |  3 +--
 2 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index f974443..3d7a38f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,10 +18,8 @@
 FROM golang:1.13 as builder
 COPY . /go/src/github.com/apache/cloudstack-kubernetes-provider
 WORKDIR /go/src/github.com/apache/cloudstack-kubernetes-provider
-RUN  make clean && CGO_ENABLED=0 GOOS=linux make
+RUN make clean && CGO_ENABLED=0 GOOS=linux make
 
-FROM alpine:latest
-RUN apk --no-cache add ca-certificates
-WORKDIR /root/
-COPY --from=builder 
/go/src/github.com/apache/cloudstack-kubernetes-provider/cloudstack-ccm 
./cloudstack-ccm
-CMD ["./cloudstack-ccm", "--cloud-provider", "external-cloudstack"]
+FROM gcr.io/distroless/static:nonroot
+COPY --from=builder 
/go/src/github.com/apache/cloudstack-kubernetes-provider/cloudstack-ccm 
/app/cloudstack-ccm
+ENTRYPOINT [ "/app/cloudstack-ccm", "--cloud-provider", "external-cloudstack" ]
diff --git a/deployment.yaml b/deployment.yaml
index ad5fb00..0c5ffcd 100644
--- a/deployment.yaml
+++ b/deployment.yaml
@@ -145,8 +145,7 @@ spec:
       - name: cloud-controller-manager
         image: apache/cloudstack-kubernetes-provider:latest
         imagePullPolicy: IfNotPresent
-        command:
-        - /root/cloudstack-ccm
+        args:
         - --leader-elect=true
         - --cloud-provider=external-cloudstack
         - --cloud-config=/config/cloud-config

[cloudstack-kubernetes-provider] branch master updated: use non-root container (#25)

Reply via email to