chore(Dockerfile): bump alpine version and set uid for 'kafka-proxy' …

…user Signed-off-by: Sebastian Gaiser <sebastiangaiser@users.noreply.github.com>
grepplabs · Jan 17, 2025 · 7203dea · 7203dea
1 parent 44b9dcb
commit 7203dea
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 18 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform=$BUILDPLATFORM golang:1.22-alpine3.19 AS builder
+FROM --platform=$BUILDPLATFORM golang:1.22-alpine3.21 AS builder
 RUN apk add alpine-sdk ca-certificates
 
 ARG TARGETOS
@@ -21,20 +21,21 @@ RUN mkdir -p build && \
     go build -mod=vendor -o build/kafka-proxy \
     -ldflags "${LDFLAGS}" .
 
-FROM --platform=$BUILDPLATFORM alpine:3.19
+FROM --platform=$BUILDPLATFORM alpine:3.21
 RUN apk add --no-cache ca-certificates libcap
 RUN adduser \
         --disabled-password \
         --gecos "" \
         --home "/nonexistent" \
         --shell "/sbin/nologin" \
         --no-create-home \
+        --uid 65534 \
         kafka-proxy
 
-COPY --from=builder /go/src/github.com/grepplabs/kafka-proxy/build /opt/kafka-proxy/bin
-RUN setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/kafka-proxy
+COPY --from=builder /go/src/github.com/grepplabs/kafka-proxy/build /usr/local/bin/
+RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/kafka-proxy
 
 USER kafka-proxy
-ENTRYPOINT ["/opt/kafka-proxy/bin/kafka-proxy"]
+ENTRYPOINT ["kafka-proxy"]
 CMD ["--help"]
 
diff --git a/Dockerfile.all b/Dockerfile.all
@@ -1,4 +1,4 @@
-FROM --platform=$BUILDPLATFORM golang:1.22-alpine3.19 AS builder
+FROM --platform=$BUILDPLATFORM golang:1.22-alpine3.21 AS builder
 RUN apk add alpine-sdk ca-certificates
 
 ARG TARGETOS
@@ -27,27 +27,27 @@ RUN mkdir -p build && \
     go build -mod=vendor -o build/unsecured-jwt-provider -ldflags "${LDFLAGS}" cmd/plugin-unsecured-jwt-provider/main.go && \
     go build -mod=vendor -o build/oidc-provider -ldflags "${LDFLAGS}" cmd/plugin-oidc-provider/main.go
 
-FROM --platform=$BUILDPLATFORM alpine:3.19
+FROM --platform=$BUILDPLATFORM alpine:3.21
 RUN apk add --no-cache ca-certificates libcap
 RUN adduser \
         --disabled-password \
         --gecos "" \
         --home "/nonexistent" \
         --shell "/sbin/nologin" \
         --no-create-home \
+        --uid 65534 \
         kafka-proxy
 
-COPY --from=builder /go/src/github.com/grepplabs/kafka-proxy/build /opt/kafka-proxy/bin
-RUN setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/kafka-proxy && \
-    setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/auth-user && \
-    setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/auth-ldap && \
-    setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/google-id-provider && \
-    setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/google-id-info && \
-    setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/unsecured-jwt-info && \
-    setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/unsecured-jwt-provider && \
-    setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/oidc-provider
+COPY --from=builder /go/src/github.com/grepplabs/kafka-proxy/build /usr/local/bin/
+RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/kafka-proxy && \
+    setcap 'cap_net_bind_service=+ep' /usr/local/bin/auth-user && \
+    setcap 'cap_net_bind_service=+ep' /usr/local/bin/auth-ldap && \
+    setcap 'cap_net_bind_service=+ep' /usr/local/bin/google-id-provider && \
+    setcap 'cap_net_bind_service=+ep' /usr/local/bin/google-id-info && \
+    setcap 'cap_net_bind_service=+ep' /usr/local/bin/unsecured-jwt-info && \
+    setcap 'cap_net_bind_service=+ep' /usr/local/bin/unsecured-jwt-provider && \
+    setcap 'cap_net_bind_service=+ep' /usr/local/bin/oidc-provider
 
 USER kafka-proxy
-ENTRYPOINT ["/opt/kafka-proxy/bin/kafka-proxy"]
+ENTRYPOINT ["kafka-proxy"]
 CMD ["--help"]
-