From dc7dc5cb93ae3d1175c2442be469983cc81a7545 Mon Sep 17 00:00:00 2001
From: Adam Mihelcsik <18672841+mihivagyok@users.noreply.github.com>
Date: Thu, 15 Feb 2024 18:22:11 +0100
Subject: [PATCH] use nonroot distroless image for agent and server

Signed-off-by: Adam Mihelcsik <18672841+mihivagyok@users.noreply.github.com>
---
 artifacts/images/agent-build.Dockerfile  | 2 +-
 artifacts/images/server-build.Dockerfile | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/artifacts/images/agent-build.Dockerfile b/artifacts/images/agent-build.Dockerfile
index a113fd81c..f7e91ae3c 100644
--- a/artifacts/images/agent-build.Dockerfile
+++ b/artifacts/images/agent-build.Dockerfile
@@ -25,7 +25,7 @@ ARG ARCH
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} go build -mod=vendor -v -a -ldflags '-extldflags "-static"' -o proxy-agent sigs.k8s.io/apiserver-network-proxy/cmd/agent
 
 # Copy the loader into a thin image
-FROM gcr.io/distroless/static-debian11
+FROM gcr.io/distroless/static-debian11:nonroot
 WORKDIR /
 COPY --from=builder /go/src/sigs.k8s.io/apiserver-network-proxy/proxy-agent .
 ENTRYPOINT ["/proxy-agent"]
diff --git a/artifacts/images/server-build.Dockerfile b/artifacts/images/server-build.Dockerfile
index fe24bde21..130b7112b 100644
--- a/artifacts/images/server-build.Dockerfile
+++ b/artifacts/images/server-build.Dockerfile
@@ -24,7 +24,7 @@ ARG ARCH
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} go build -mod=vendor -v -a -ldflags '-extldflags "-static"' -o proxy-server sigs.k8s.io/apiserver-network-proxy/cmd/server
 
 # Copy the loader into a thin image
-FROM gcr.io/distroless/static-debian11
+FROM gcr.io/distroless/static-debian11:nonroot
 WORKDIR /
 COPY --from=builder /go/src/sigs.k8s.io/apiserver-network-proxy/proxy-server .
 ENTRYPOINT ["/proxy-server"]