From abd772842f7d04fbd2a625c9140057858083c7ed Mon Sep 17 00:00:00 2001
From: jiangpengcheng
Date: Thu, 23 May 2024 17:25:02 +0800
Subject: [PATCH] Use non root user in operator.Dockerfile (#759)
* Use non-root user in operator image
* run make manager first
---
 .ci/tests/integration-oauth2/e2e.yaml | 6 +++---
 .../integration-oauth2/e2e_with_downloader.yaml | 6 +++---
 operator.Dockerfile | 13 +++++++++++--
 3 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/.ci/tests/integration-oauth2/e2e.yaml b/.ci/tests/integration-oauth2/e2e.yaml
index dc13fcb3..176460f4 100644
--- a/.ci/tests/integration-oauth2/e2e.yaml
+++ b/.ci/tests/integration-oauth2/e2e.yaml
@@ -90,10 +90,10 @@ setup:
 - name: install function-mesh operator
 command: |
- make generate
+ make manager
 make helm-crds
- image="function-mesh-operator:latest"
- IMG=${image} make docker-build-skip-test
+ image="function-mesh:latest"
+ docker build --platform linux/amd64 -f operator.Dockerfile -t $image .
 kind load docker-image ${image}
 helm install ${FUNCTION_MESH_RELEASE_NAME} -n ${FUNCTION_MESH_NAMESPACE} --set operatorImage=${image} --create-namespace charts/function-mesh-operator
 wait:
diff --git a/.ci/tests/integration-oauth2/e2e_with_downloader.yaml b/.ci/tests/integration-oauth2/e2e_with_downloader.yaml
index 14445cfc..7888e342 100644
--- a/.ci/tests/integration-oauth2/e2e_with_downloader.yaml
+++ b/.ci/tests/integration-oauth2/e2e_with_downloader.yaml
@@ -90,10 +90,10 @@ setup:
 - name: install function-mesh operator
 command: |
- make generate
+ make manager
 make helm-crds
- image="function-mesh-operator:latest"
- IMG=${image} make docker-build-skip-test
+ image="function-mesh:latest"
+ docker build --platform linux/amd64 -f operator.Dockerfile -t $image .
 kind load docker-image ${image}
 helm install ${FUNCTION_MESH_RELEASE_NAME} -n ${FUNCTION_MESH_NAMESPACE} --set operatorImage=${image} --set controllerManager.enableInitContainers=true --create-namespace charts/function-mesh-operator
 wait:
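Review bot: `--platform linux/amd64` on the new `docker build` line only selects the platform of the base image; the binary that ends up in the image is whatever `make manager` produced on the runner, so on a non-amd64 runner the two could disagree (the Makefile is not visible here, so this depends on how `manager` sets GOOS/GOARCH). A shell comment above the build line, e.g. `# manager binary must be built for linux/amd64 to match --platform`, would record that assumption. `$image` is unquoted on that line while the lines after it use `${image}`; `-t "${image}"` would be consistent. The same lines appear in the e2e_with_downloader.yaml hunk.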
diff --git a/operator.Dockerfile b/operator.Dockerfile
index 60e502cf..7624968d 100644
--- a/operator.Dockerfile
+++ b/operator.Dockerfile
@@ -1,5 +1,14 @@
 FROM alpine:3.20
-RUN apk add tzdata --no-cache
-RUN apk upgrade --no-cache
+ENV GID=10001
+ENV UID=10000
+ENV USER=pulsar
+
+RUN apk upgrade --no-cache \
+ && apk add tzdata --no-cache \
+ && addgroup -g $GID pulsar \
+ && adduser -u $UID -G pulsar -D -g '' $USER
+
 ADD bin/function-mesh-controller-manager /manager
+
+USER $USER
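Review bot: The final `USER $USER` sets the image user by name (`pulsar`), and a kubelet enforcing `runAsNonRoot: true` cannot verify a non-numeric image user and refuses to start the container unless the pod also sets `runAsUser`. Since the UID and GID are already fixed at 10000/10001, `USER $UID:$GID` keeps the same account while letting the runtime confirm it is non-root. The unchanged `ADD bin/function-mesh-controller-manager /manager` line copies a plain local file, so `COPY` is the more explicit instruction; leaving the binary root-owned is worth keeping, because the `pulsar` user then cannot rewrite it. `GID`, `UID` and `USER` are set with `ENV` and so persist into the container's runtime environment; `ARG` would keep them build-only if nothing at runtime reads them.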