From 4428ef41e1c99beed64b337ae2cafd3a7992db68 Mon Sep 17 00:00:00 2001
From: Mariano Uvalle <u.g.a.mariano@gmail.com>
Date: Wed, 27 Mar 2024 15:54:23 -0700
Subject: [PATCH] Change base images and run as non-root (#93)

Addresses #71

Co-authored-by: Mariano Uvalle <juvallegarza@microsoft.com>
---
 docker/eno-controller/Dockerfile | 6 +++++-
 docker/eno-reconciler/Dockerfile | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/docker/eno-controller/Dockerfile b/docker/eno-controller/Dockerfile
index e8f46e4b..440c19b0 100644
--- a/docker/eno-controller/Dockerfile
+++ b/docker/eno-controller/Dockerfile
@@ -8,6 +8,10 @@ RUN go mod download
 COPY . .
 RUN CGO_ENABLED=0 go build -ldflags="-s -w" ./cmd/eno-controller
 
-FROM scratch
+FROM gcr.io/distroless/static
+
+# https://github.com/GoogleContainerTools/distroless/blob/16dc4a6a33838006fe956e4c19f049ece9c18a8d/common/variables.bzl#L18
+USER 65532:65532
+
 COPY --from=builder /app/eno-controller /eno-controller
 ENTRYPOINT ["/eno-controller"]
diff --git a/docker/eno-reconciler/Dockerfile b/docker/eno-reconciler/Dockerfile
index 946fdbbd..5313af31 100644
--- a/docker/eno-reconciler/Dockerfile
+++ b/docker/eno-reconciler/Dockerfile
@@ -8,6 +8,10 @@ RUN go mod download
 COPY . .
 RUN CGO_ENABLED=0 go build -ldflags="-s -w" ./cmd/eno-reconciler
 
-FROM scratch
+FROM gcr.io/distroless/static
+
+# https://github.com/GoogleContainerTools/distroless/blob/16dc4a6a33838006fe956e4c19f049ece9c18a8d/common/variables.bzl#L18
+USER 65532:65532
+
 COPY --from=builder /app/eno-reconciler /eno-reconciler
 ENTRYPOINT ["/eno-reconciler"]