Refactor the target allocator build to not run it as root (open-telem…

…etry#1345) * Refactor the target allocator build to not run it as root Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Add missing changelog Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Fix issue number in changelog Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Trigger Build Signed-off-by: Israel Blancas <iblancasa@gmail.com> * Use scratch image as base image for the target allocator Signed-off-by: Israel Blancas <iblancasa@gmail.com> Signed-off-by: Israel Blancas <iblancasa@gmail.com>
ItielOlenick · Jan 9, 2023 · b92d27c · b92d27c
1 parent 72ca254
commit b92d27c
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 5 deletions.
diff --git a/.chloggen/1346-run-ta-nonroot.yaml b/.chloggen/1346-run-ta-nonroot.yaml
@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: bug_fix
+
+# The name of the component, or a single word describing the area of concern, (e.g. operator, target allocator, github action)
+component: target allocator
+
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: "Run the target allocator as non root user"
+
+# One or more tracking issues related to the change
+issues: [1346]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
diff --git a/cmd/otel-allocator/Dockerfile b/cmd/otel-allocator/Dockerfile
@@ -1,8 +1,10 @@
-# Build the target allocator binary
-FROM golang:1.19 as builder
+# Build the otel-allocator binary
+FROM golang:1.19-alpine as builder
 
 WORKDIR /app
 
+RUN apk --no-cache add ca-certificates
+
 # Copy go mod and sum files
 COPY go.mod go.sum ./
 
@@ -14,12 +16,13 @@ COPY . .
 RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o main .
 
 ######## Start a new stage from scratch #######
-FROM alpine:latest  
-
-RUN apk --no-cache add ca-certificates
+FROM scratch
 
 WORKDIR /root/
 
+# Copy the certs from the builder
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+
 # Copy the pre-built binary file from the previous stage
 COPY --from=builder /app/main .