Add k0s default users to Docker image

K0s tries to run certain executables as non-root users by default. Add those users to the Docker image. Do the same for the integration tests to make sure it actually works permission-wise. Signed-off-by: Tom Wieczorek <[email protected]>
k0sproject · Jan 30, 2024 · 1de9602 · 1de9602
1 parent 6a98109
commit 1de9602
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -3,7 +3,11 @@ ARG ALPINE_VERSION
 FROM docker.io/library/${ARCH}alpine:$ALPINE_VERSION
 ARG TARGETARCH
 
-RUN apk add --no-cache bash coreutils findutils iptables curl tini
+RUN \
+  apk add --no-cache bash coreutils findutils iptables curl tini \
+  && for u in etcd kube-apiserver kube-scheduler konnectivity-server; do \
+    adduser --system --shell /sbin/nologin --no-create-home --home /var/lib/k0s --disabled-password --gecos '' "$u"; \
+  done
 
 ENV KUBECONFIG=/var/lib/k0s/pki/admin.conf
 

diff --git a/inttest/bootloose-alpine/Dockerfile b/inttest/bootloose-alpine/Dockerfile
@@ -68,4 +68,9 @@ RUN if [ "$TARGETARCH" != arm ]; then \
       && rm -rf /tmp/cri-dockerd \
       && chmod 755 /usr/local/bin/cri-dockerd; \
   fi
+
+RUN for u in etcd kube-apiserver kube-scheduler konnectivity-server; do \
+    adduser --system --shell /sbin/nologin --no-create-home --home /var/lib/k0s --disabled-password --gecos '' "$u"; \
+  done
+
 ADD cri-dockerd.sh /etc/init.d/cri-dockerd