From 76d999fd2c2120041ea2c8fc135ceea86fc4ded5 Mon Sep 17 00:00:00 2001
From: Jiawei Huang <jiawei@tigera.io>
Date: Wed, 28 Feb 2024 19:57:24 -0800
Subject: [PATCH] Run calico/apiserver as non-root by default

This changeset sets non-root and non-group for calico/apiserver.
---
 apiserver/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/apiserver/Dockerfile b/apiserver/Dockerfile
index 308d2e6c305..df95f1564b6 100644
--- a/apiserver/Dockerfile
+++ b/apiserver/Dockerfile
@@ -21,6 +21,8 @@ LABEL version=${GIT_VERSION}
 
 COPY --from=source / /
 
+USER 10001:10001
+
 WORKDIR /code
 
 ENTRYPOINT ["/code/apiserver"]