Merge pull request #285 from fluxcd/fsGroup

Add fsGroup to pod security context
2021-02-08 11:38:20 +02:00 · 2021-02-08 11:38:20 +02:00 · a55a7141ab
parent 0465b122e5 9764598125
commit a55a7141ab
2 changed files with 6 additions and 2 deletions
--- a/4
+++ b/4
@ -29,7 +29,7 @@ COPY internal/ internal/
 # build without specifing the arch
 RUN CGO_ENABLED=1 go build -o source-controller main.go
-FROM alpine:3.12
+FROM alpine:3.13
 # link repo to the GitHub Container Registry image
 LABEL org.opencontainers.image.source="https://github.com/fluxcd/source-controller"
@ -44,7 +44,7 @@ COPY --from=builder /workspace/source-controller /usr/local/bin/
 # https://github.com/gliderlabs/docker-alpine/issues/367#issuecomment-354316460
 RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf
-RUN addgroup -S controller && adduser -S -g controller controller
+RUN addgroup -S controller && adduser -S controller -G controller
 USER controller
--- a/config/manager/deployment.yaml
+++ b/config/manager/deployment.yaml
@ -20,6 +20,10 @@ spec:
        prometheus.io/port: "8080"
    spec:
      terminationGracePeriodSeconds: 10
      # Required for AWS IAM Role bindings
      # https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html
      securityContext:
        fsGroup: 1337
      containers:
      - name: manager
        image: fluxcd/source-controller