replicatedhq · emosbaugh · Jul 27, 2020 · Jul 24, 2020 · emosbaugh · Jul 24, 2020
diff --git a/kotsadm/api/deploy/Dockerfile b/kotsadm/api/deploy/Dockerfile
@@ -35,25 +35,20 @@ RUN curl -L "https://github.com/replicatedhq/troubleshoot/releases/download/v0.9
   mv /tmp/troubleshoot.so /lib/troubleshoot.so && \
   rm -rf /tmp/*
 
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    curl ca-certificates \
-  && rm -rf /var/lib/apt/lists/*
-
 ADD ./deploy/policy.json /etc/containers/policy.json
 RUN apt-get -y update && apt-get install -y --no-install-recommends \
     libgpgme-dev libdevmapper-dev \
   && rm -rf /var/lib/apt/lists/*
 
-COPY --from=build /src/build /src/build
-COPY --from=build /src/node_modules /src/node_modules
+RUN useradd -c 'kotsadm-api user' -m -d /home/kotsadm-api -s /bin/bash -u 1001 kotsadm-api
+USER kotsadm-api
+ENV HOME /home/kotsadm-api
+
+COPY --from=build --chown=kotsadm-api:kotsadm-api /src/build /src/build
+COPY --from=build --chown=kotsadm-api:kotsadm-api /src/node_modules /src/node_modules
 
 EXPOSE 3000
 ARG commit=unknown
 ENV COMMIT=${commit}
 
-RUN useradd -c 'kotsadm-api user' -m -d /home/kotsadm-api -s /bin/bash -u 1001 kotsadm-api
-RUN chown -R kotsadm-api.kotsadm-api /src
-USER kotsadm-api
-ENV HOME /home/kotsadm-api
-
 CMD ["node", "/src/build/server/index.js"]
diff --git a/kotsadm/deploy/Dockerfile b/kotsadm/deploy/Dockerfile
@@ -25,15 +25,12 @@ RUN useradd -c 'kotsadm user' -m -d /home/kotsadm -s /bin/bash -u 1001 kotsadm
 USER kotsadm
 ENV HOME /home/kotsadm
 
-COPY ./deploy/backup.sh /backup.sh
-COPY ./deploy/restore-db.sh /restore-db.sh
-COPY ./deploy/restore-s3.sh /restore-s3.sh
-COPY ./bin/kotsadm /kotsadm
-COPY ./web/dist /web/dist
-USER root
-RUN chmod a+x /kotsadm
-RUN chmod a+w /web/dist/*
-USER kotsadm
+COPY --chown=kotsadm:kotsadm ./deploy/backup.sh /backup.sh
+COPY --chown=kotsadm:kotsadm ./deploy/restore-db.sh /restore-db.sh
+COPY --chown=kotsadm:kotsadm ./deploy/restore-s3.sh /restore-s3.sh
+COPY --chown=kotsadm:kotsadm ./bin/kotsadm /kotsadm
+COPY --chown=kotsadm:kotsadm ./web/dist /web/dist
+
 WORKDIR /
 
 EXPOSE 3000

diff --git a/kotsadm/kurl_proxy/deploy/Dockerfile b/kotsadm/kurl_proxy/deploy/Dockerfile
@@ -9,12 +9,9 @@ RUN useradd -c 'kotsadm user' -m -d /home/kotsadm -s /bin/bash -u 1001 kotsadm
 USER kotsadm
 ENV HOME /home/kotsadm
 
-COPY ./bin/kurl_proxy /kurl_proxy
-COPY ./assets /assets
-USER root
-RUN chmod a+x /kurl_proxy
-RUN chmod a+w /assets/*
-USER kotsadm
+COPY --chown=kotsadm:kotsadm ./bin/kurl_proxy /kurl_proxy
+COPY --chown=kotsadm:kotsadm ./assets /assets
+
 WORKDIR /
 
 EXPOSE 8800

diff --git a/kotsadm/operator/deploy/Dockerfile b/kotsadm/operator/deploy/Dockerfile
@@ -29,14 +29,11 @@ USER kotsadm-operator
 ENV HOME /home/kotsadm-operator
 
 # Install krew
-ADD ./deploy/install-krew.sh /install-krew.sh
+COPY --chown=kotsadm-operator:kotsadm-operator ./deploy/install-krew.sh /install-krew.sh
 RUN /install-krew.sh
 ENV PATH="$HOME/.krew/bin:$PATH"
 
-COPY ./bin/kotsadm-operator /kotsadm-operator
-USER root
-RUN chmod a+x /kotsadm-operator
-USER kotsadm-operator
+COPY --chown=kotsadm-operator:kotsadm-operator ./bin/kotsadm-operator /kotsadm-operator
 
 # Install our plugins
 USER root