From 8c4983f53f1f85c6734300a433cfd0a6299520b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Gomez?=
Date: Sun, 21 Nov 2021 17:54:31 +0100
Subject: [PATCH] Use gcr.io/distroless/static:nonroot as base docker image
---
 README.md | 2 +-
 build/Dockerfile-controller | 7 ++++---
 build/Dockerfile-converter | 7 ++++---
 3 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 7065ab9c..e17e212e 100644
--- a/README.md
+++ b/README.md
@@ -120,7 +120,7 @@ docker run --rm -it -v $(pwd):/workspace kphoen/dark-converter:latest convert-ya
 ## Converting Grafana JSON dashboard to a Kubernetes manifest
 ```sh
-docker run --rm -it -v $(pwd):/workspace kphoen/dark-converter:latest convert-k8s-manifest -i dashboard.json -o converted-dashboard.yaml --folder Dark --namespace monitoring test-dashboard
+docker run --rm -it -u $(id -u):$(id -g) -v $(pwd):/workspace kphoen/dark-converter:latest convert-k8s-manifest -i dashboard.json -o converted-dashboard.yaml --folder Dark --namespace monitoring test-dashboard
 ```
 ## Integrating with ArgoCD
diff --git a/build/Dockerfile-controller b/build/Dockerfile-controller
index a6407522..b4946ece 100644
--- a/build/Dockerfile-controller
+++ b/build/Dockerfile-controller
@@ -8,11 +8,12 @@ COPY . /app
 RUN make controller_build
-# Run
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot
-FROM alpine:3.14
 ENTRYPOINT ["/app/dark-controller"]
 WORKDIR /app
-RUN apk --update --no-cache add ca-certificates=20191127-r5 && update-ca-certificates
+USER 65532:65532
 COPY --from=build /app/dark-controller /app/dark-controller
diff --git a/build/Dockerfile-converter b/build/Dockerfile-converter
index 21d29b10..635b260f 100644
--- a/build/Dockerfile-converter
+++ b/build/Dockerfile-converter
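Review bot: The new base image in build/Dockerfile-controller, `FROM gcr.io/distroless/static:nonroot`, is a floating tag, so a rebuild can silently pick up a different image; the removed lines pinned both `alpine:3.14` and the ca-certificates package version. Pinning by digest keeps the runtime image reproducible and auditable: `FROM gcr.io/distroless/static:nonroot@sha256:<digest of the image you verified>`. The same line is added in the build/Dockerfile-converter hunk and should get the same pin. The build stage begins above this hunk, so whether its base image is pinned cannot be checked from here.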
@@ -8,11 +8,12 @@ COPY . /app
 RUN make converter_build
-# Run
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot
-FROM alpine:3.14
 ENTRYPOINT ["/app/dark-converter"]
 WORKDIR /workspace
-RUN apk --update --no-cache add ca-certificates=20191127-r5 && update-ca-certificates
+USER 65532:65532
 COPY --from=build /app/dark-converter /app/dark-converter
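Review bot: With `USER 65532:65532` the converter writes its `-o` output into the bind-mounted `/workspace` as uid 65532, which will fail unless the host directory is writable by that uid or the caller overrides the user. The README hunk adds `-u $(id -u):$(id -g)` to the convert-k8s-manifest example only; the other `docker run … convert-ya` example visible in that hunk's header does not appear to be touched by this patch and probably needs the same flag. A comment above `WORKDIR /workspace` would make the contract explicit, e.g. `# Runs as nonroot (65532); pass -u $(id -u):$(id -g) when bind-mounting /workspace`. The copied comment also says "manager binary", while this stage packages the converter.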