Named users fail to pass admission controller
Feature description
This Dockerfile uses "USER build" (https://repo1.dso.mil/dsop/opensource/containers/buildah/-/blob/development/Dockerfile#L55). Because the user is given by name, admission controllers on some Kubernetes clusters cannot verify that the container does not run as root without starting it: the image config only records the string "build", and our admission controller has no way to learn the UID behind that name (to confirm it is not 0) short of opening the container and inspecting its contents. It therefore rejects this container.
Could we change line 55 of the Dockerfile to use the UID instead of the name, so that the Admission Controller can inspect this container without running it?
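To show what an admission check can and cannot decide from the image alone, here is an added example (not part of this issue or of the buildah project): a small Python check that mirrors the static "is the user verifiably non-root" test, applied to two constructed Dockerfiles, one with the current `USER build` and one with the requested numeric form. The `useradd -u 1000 build` line and the UID 1000 are assumptions chosen for illustration.

```python
import re

# Constructed Dockerfile fragments (not the project's real file).
DOCKERFILE_NAMED = (
    "FROM registry.example/base:1\n"
    "RUN useradd -u 1000 build\n"
    "USER build\n"
)
# Requested form: same account, but the USER line carries the UID the
# account was created with, so ownership of files created at build time
# and the runtime UID still agree.
DOCKERFILE_NUMERIC = (
    "FROM registry.example/base:1\n"
    "RUN useradd -u 1000 build\n"
    "USER 1000\n"
)


def user_from_dockerfile(dockerfile: str):
    """Return the value of the last USER instruction, or None if absent.
    Assumes one instruction per line (no ARG substitution or continuations)."""
    user = None
    for line in dockerfile.splitlines():
        m = re.match(r"^\s*USER\s+(\S+)", line, re.IGNORECASE)
        if m:
            user = m.group(1)
    return user


def static_uid(user):
    """UID as an int if it can be determined without opening the image,
    else None. Accepts 'uid', 'uid:gid', 'name' and 'name:group' forms."""
    if user is None:
        return 0                      # no USER line: the default is root
    uid_part = user.split(":", 1)[0]  # "1000:1000" -> "1000"
    if uid_part == "":
        return 0                      # an empty user also means root
    if re.fullmatch(r"\d+", uid_part):
        return int(uid_part)
    return None                       # a name such as "build": unresolvable


def admission_verdict(user):
    """Decision an admission controller can make from the image config alone."""
    uid = static_uid(user)
    if uid is None:
        return ("reject", f"cannot verify non-root: user {user!r} is a name, not a UID")
    if uid == 0:
        return ("reject", "container would run as root (UID 0)")
    return ("allow", f"runs as UID {uid}")


if __name__ == "__main__":
    for df in (DOCKERFILE_NAMED, DOCKERFILE_NUMERIC):
        print(admission_verdict(user_from_dockerfile(df)))
```

The named form is rejected even though the account is non-root, because the check has nothing to resolve "build" against; the numeric form is accepted on the strength of the image config alone.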
Use cases
Kubernetes environments with Admission Controllers that do not allow named users.
Benefits
Greater flexibility in which Kubernetes environments can use this image without modifying the container.
Tasks
-
Feature has been implemented