From 17c70a4a1582acb7ce33324e8d76d8fe9104830a Mon Sep 17 00:00:00 2001
From: Adi Muraru <amuraru@adobe.com>
Date: Sun, 14 May 2023 10:31:52 +0300
Subject: [PATCH] Run as non-root and root group for OpenShift compatibility

See https://developers.redhat.com/blog/2020/10/26/adapting-docker-and-kubernetes-containers-to-run-on-red-hat-openshift-container-platform#group_ownership_and_file_permission
---
 Dockerfile | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 5679e49..6cdc6ca 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -30,9 +30,8 @@ RUN CGO_ENABLED=0 go build \
 FROM alpine:3.17
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 COPY --from=builder /app/bin/kminion /app/kminion
-RUN addgroup -S redpanda \
-    && adduser -S redpanda -G redpanda \
-    && chmod o+rx /app/kminion
-USER redpanda
+RUN chown -R 1001:0 /app/kminion \
+    && chmod -R g=u /app/kminion
+USER 1001
 
 ENTRYPOINT ["/app/kminion"]