Docker file added multistage build to add non-root user running under ID:20001 for image.

Reduces attack surface by not running image as root user
2019-02-16 00:36:08 +02:00
parent 85c31524f6
commit 06781103f0
1 changed files with 6 additions and 0 deletions
--- a/6
+++ b/6
@@ -1,5 +1,11 @@
+FROM debian:7.11-slim
+RUN useradd -u 20001 postgres_exporter
+
 FROM scratch

+COPY --from=0 /etc/passwd /etc/passwd
+USER postgres_exporter
+
 ARG binary

 COPY $binary /postgres_exporter