Make Dockerfile template compatible with Kubernetes rootless pods rai…

…ls/rails#49742
thape-cn · Nov 12, 2023 · 0ac0d94 · 0ac0d94
1 parent c7aaf47
commit 0ac0d94
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -74,9 +74,10 @@ COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build /rails /rails
 
 # Run and own only the runtime files as a non-root user for security
-RUN useradd rails --create-home --shell /bin/bash && \
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     chown -R rails:rails db log storage tmp
-USER rails:rails
+USER 1000:1000
 
 # Entrypoint prepares the database.
 ENTRYPOINT ["/rails/bin/docker-entrypoint"]