From 7b9d72791fb3d88b8d8becfe1dc55d362eb6298b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?=
Date: Sun, 5 Oct 2025 21:05:42 +0200
Subject: [PATCH] feat(infrastructure): rootless container
---
 7project/backend/Dockerfile | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/7project/backend/Dockerfile b/7project/backend/Dockerfile
index 0f78fea..327d5bf 100644
--- a/7project/backend/Dockerfile
+++ b/7project/backend/Dockerfile
@@ -1,8 +1,12 @@
 FROM python:3.11-slim
 WORKDIR /app
-RUN useradd -m appuser
-USER appuser
+# Create a non-root user with a fixed numeric UID/GID so Kubernetes can verify runAsNonRoot
+RUN groupadd -g 1000 appgroup \
+ && useradd -u 1000 -g 1000 -m appuser \
+ && chown -R 1000:1000 /app
+# Use numeric UID to avoid "non-numeric user" errors in Kubernetes
+USER 1000
 COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
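Review bot: `USER 1000` still sits above `RUN pip install --no-cache-dir -r requirements.txt`, so the dependencies are installed by, and stay writable to, the same account the service runs as. With site-packages not writable for UID 1000, pip will presumably fall back to a per-user install under the home directory, whose script directory is not on the default PATH. Together with `chown -R 1000:1000 /app`, this means a compromised process could alter its own dependencies and replace files in the application directory. I would keep the install step as root and move the switch to the end of the build steps, e.g. `USER 1000:1000` after the pip line, and drop the `chown` unless the application must write under `/app` (in that case chown only the writable subdirectory). The rest of the Dockerfile is outside this hunk, so the final placement depends on any later `COPY`/`RUN` lines.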