fix(docker): use existing nobody user instead of creating UID 65534

2026-02-22 10:19:19 +01:00
parent f07eac1811
commit ae54910f51
1 changed files with 2 additions and 4 deletions
--- a/backend/deploy/Dockerfile
+++ b/backend/deploy/Dockerfile
@@ -18,16 +18,14 @@ FROM alpine:3.21

 RUN apk add --no-cache ca-certificates tzdata

-# UID 65534 = nobody on Alpine, matches podSecurityContext.runAsUser
-RUN adduser -D -u 65534 -g '' nonroot
-
 WORKDIR /app

 COPY --from=builder /api .
 COPY --from=builder /go/bin/migrate /usr/local/bin/migrate
 COPY migrations/ ./migrations/

-USER nonroot:nonroot
+# alpine:3.21 already ships nobody at UID 65534 — matches podSecurityContext.runAsUser
+USER nobody:nobody

 EXPOSE 8080