From a040a66f09cf18d6242c8819cba3d423e1d69695 Mon Sep 17 00:00:00 2001
From: Roman Zabaluev <rzabaluev@provectus.com>
Date: Wed, 9 Feb 2022 17:59:22 +0300
Subject: [PATCH] Run the app in the container as a non-root user (#1575)

* Run as a non-root user. Fixes #1555

Signed-off-by: Roman Zabaluev <rzabaluev@provectus.com>

* Fix line break

Signed-off-by: Roman Zabaluev <rzabaluev@provectus.com>

Co-authored-by: Ruslan Ibragimov <94184844+5hin0bi@users.noreply.github.com>
---
 kafka-ui-api/Dockerfile | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/kafka-ui-api/Dockerfile b/kafka-ui-api/Dockerfile
index ba8569b100..5488a77181 100644
--- a/kafka-ui-api/Dockerfile
+++ b/kafka-ui-api/Dockerfile
@@ -1,5 +1,9 @@
 FROM alpine:3.15.0
-RUN apk add --no-cache openjdk13-jre libc6-compat gcompat
+
+RUN apk add --no-cache openjdk13-jre libc6-compat gcompat \
+&& addgroup -S kafkaui && adduser -S kafkaui -G kafkaui
+
+USER kafkaui
 
 ARG JAR_FILE
 COPY "/target/${JAR_FILE}" "/kafka-ui-api.jar"