fix: update Containerfile.controlplane to include the correct binary …

…and run as non-root (#313) ## Description: This PR addresses the issue related to the missing `manager` binary in the Dockerfile and an error encountered due to user permissions in the `deployment.yaml`. 1. **Dockerfile Update:** - The correct binary for `manager` has been added to the Dockerfile as expected in [line 38 of the deployment config](https://github.com/kubernetes-sigs/blixt/blob/427839a319483f958001ba47fa6b073a08ee7755/config/manager/manager.yaml). 2. **Deployment Update:** - Added `runAsUser: 1000` to the `deployment.yaml` to resolve the permission error shown below: ![Permission Error](https://github.com/user-attachments/assets/a7ad7d15-0175-442a-bb0e-d94c4d0563fb) ## Testing To test this change: 1. Clone the repository. 2. Run `make build.image.controlplane`. 3. Create a Kubernetes cluster using either Kind or K3d. 4. Run `kubectl apply -k config/default` to deploy the changes. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
kubernetes-sigs · Feb 6, 2025 · fbb841b · fbb841b
1 parent d3c65b4
commit fbb841b
Showing 1 changed file with 17 additions and 5 deletions.
diff --git a/build/Containerfile.controlplane b/build/Containerfile.controlplane
@@ -1,16 +1,28 @@
 FROM --platform=$BUILDPLATFORM tonistiigi/xx AS xx-tools
 
-FROM --platform=$BUILDPLATFORM rust:alpine
-ARG TARGETPLATFORM
-ARG PROJECT_DIR=/workspace
-ARG BUILD_DIR=$PROJECT_DIR/build
+FROM --platform=$BUILDPLATFORM rust:alpine AS builder
 
 RUN apk add --no-cache clang lld
-COPY --from=xx-tools / /
 
 WORKDIR /workspace
+
+COPY --from=xx-tools / /
+
+ARG TARGETPLATFORM
+ARG PROJECT_DIR=/workspace
+ARG BUILD_DIR=$PROJECT_DIR/build
+
 RUN --mount=type=bind,source=../controlplane/src/,target=src \
     --mount=type=bind,source=../controlplane/Cargo.toml,target=Cargo.toml \
     --mount=type=bind,source=../controlplane/Cargo.lock,target=Cargo.lock \
     xx-cargo build --release --target-dir $BUILD_DIR && \
     xx-verify ./build/$(xx-cargo --print-target-triple)/release/controller
+
+RUN cp ./build/$(xx-cargo --print-target-triple)/release/controller /workspace/manager
+
+FROM alpine:latest
+
+WORKDIR /
+
+USER 1000:1000
+COPY --from=builder /workspace/manager /manager