Non-root (#217)

Runs zipkin as non-root and replace maintainer label

cassandra/Dockerfile

@@ -13,7 +13,7 @@ RUN /usr/local/bin/install
 
 # Share the same base image to reduce layers used in testing
 FROM gcr.io/distroless/java:11-debug
-MAINTAINER Zipkin "https://zipkin.io/"
+LABEL MAINTAINER Zipkin "https://zipkin.io/"
 
 ENV JVM_OPTS="-Dcassandra -Dcassandra.config.loader=ZipkinConfigurationLoader -Djava.net.preferIPv4Stack=true"
 

elasticsearch/Dockerfile

@@ -23,7 +23,7 @@ RUN curl -sSL https://download.elasticsearch.org/elasticsearch/release/org/elast
     mv elasticsearch-$ELASTICSEARCH_VERSION/* /elasticsearch/
 
 FROM gcr.io/distroless/java:11-debug
-MAINTAINER Zipkin "https://zipkin.io/"
+LABEL MAINTAINER Zipkin "https://zipkin.io/"
 
 RUN ["/busybox/sh", "-c", "adduser -g '' -D elasticsearch"]
 

elasticsearch5/Dockerfile

@@ -25,7 +25,7 @@ RUN curl -sSL https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch
     mv elasticsearch-$ELASTICSEARCH_VERSION/* /elasticsearch/
 
 FROM gcr.io/distroless/java:11-debug
-MAINTAINER Zipkin "https://zipkin.io/"
+LABEL MAINTAINER Zipkin "https://zipkin.io/"
 
 RUN ["/busybox/sh", "-c", "adduser -g '' -D elasticsearch"]
 

elasticsearch6/Dockerfile

@@ -24,7 +24,7 @@ RUN curl -sSL https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch
     mv elasticsearch-$ELASTICSEARCH_VERSION/* /elasticsearch/
 
 FROM gcr.io/distroless/java:11-debug
-MAINTAINER Zipkin "https://zipkin.io/"
+LABEL MAINTAINER Zipkin "https://zipkin.io/"
 
 # https://github.com/elastic/elasticsearch/pull/31003 was closed won't fix
 ENV ES_TMPDIR /tmp

elasticsearch7/Dockerfile

@@ -26,7 +26,7 @@ RUN curl -sSL https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch
     rm -rf /elasticsearch/modules/x-pack-ml/platform/linux-x86_64
 
 FROM gcr.io/distroless/java:11-debug
-MAINTAINER Zipkin "https://zipkin.io/"
+LABEL MAINTAINER Zipkin "https://zipkin.io/"
 
 # https://github.com/elastic/elasticsearch/pull/31003 was closed won't fix
 ENV ES_TMPDIR /tmp

kafka/Dockerfile

@@ -13,12 +13,16 @@ ADD start.sh /kafka/bin
 
 # Share the same base image to reduce layers used in testing
 FROM gcr.io/distroless/java:11-debug
-MAINTAINER Zipkin "https://zipkin.io/"
+LABEL MAINTAINER Zipkin "https://zipkin.io/"
 
 WORKDIR /kafka
 
+RUN ["/busybox/sh", "-c", "adduser -g '' -D kafka"]
+
 COPY --from=0 /kafka /kafka
 
+USER kafka
+
 # Port 19092 is for connections from the Docker host
 EXPOSE 2181 9092 19092
 

mysql/Dockerfile

@@ -1,5 +1,5 @@
 FROM alpine
-MAINTAINER Zipkin "https://zipkin.io/"
+LABEL MAINTAINER Zipkin "https://zipkin.io/"
 
 WORKDIR /mysql
 ADD install.sh /mysql/install

zipkin-ui/Dockerfile

@@ -1,5 +1,5 @@
 FROM nginx:1.16-alpine
-MAINTAINER Zipkin "https://zipkin.io/"
+LABEL MAINTAINER Zipkin "https://zipkin.io/"
 
 # This gets whatever the latest version of zipkin-lens is
 ENV ZIPKIN_REPO https://oss.jfrog.org/artifactory/oss-snapshot-local

zipkin/Dockerfile

@@ -29,19 +29,23 @@ RUN apk add unzip curl --no-cache && \
     apk del unzip
 
 FROM gcr.io/distroless/java:11-debug
-MAINTAINER Zipkin "https://zipkin.io/"
+LABEL MAINTAINER Zipkin "https://zipkin.io/"
 
 # Use to set heap, trust store or other system properties.
 ENV JAVA_OPTS -Djava.security.egd=file:/dev/./urandom
 # 3rd party modules like zipkin-aws will apply profile settings with this
 ENV MODULE_OPTS=
 
+RUN ["/busybox/sh", "-c", "adduser -g '' -D zipkin"]
+
 # Add environment settings for supported storage types
 COPY --from=0 /zipkin/ /zipkin/
 WORKDIR /zipkin
 
 RUN ["/busybox/sh", "-c", "ln -s /busybox/* /bin"]
 
+USER zipkin
+
 EXPOSE 9410 9411
 
 ENTRYPOINT ["/busybox/sh", "run.sh"]