ensure permissions are consistent on dockerized binaries

2026-02-18 18:28:18 -05:00 · 2025-10-16 11:18:26 -07:00 · 2025-10-16 11:18:26 -07:00 · 26cba8ee03
commit 26cba8ee03
parent 4885c6d462
3 changed files with 3 additions and 3 deletions
--- a/build/server-image/Dockerfile
+++ b/build/server-image/Dockerfile
@ -19,4 +19,4 @@ ARG BINARY


 FROM "${BASEIMAGE}"
-COPY ${BINARY} /usr/local/bin/${BINARY}
+COPY --chmod=755 ${BINARY} /usr/local/bin/${BINARY}
--- a/build/server-image/kube-apiserver/Dockerfile
+++ b/build/server-image/kube-apiserver/Dockerfile
@ -20,7 +20,7 @@ ARG SETCAP_IMAGE
 # to setup qemu for the builder.
 FROM --platform=linux/$BUILDARCH ${SETCAP_IMAGE}
 ARG BINARY
-COPY ${BINARY} /${BINARY}
+COPY --chmod=755 ${BINARY} /${BINARY}
 # We apply cap_net_bind_service so that kube-apiserver can be run as
 # non-root and still listen on port less than 1024
 RUN setcap cap_net_bind_service=+ep /${BINARY}
--- a/build/server-image/kubectl/Dockerfile
+++ b/build/server-image/kubectl/Dockerfile
@ -19,5 +19,5 @@ ARG BINARY


 FROM "${BASEIMAGE}"
-COPY ${BINARY} /bin/
+COPY --chmod=755 ${BINARY} /bin/
 ENTRYPOINT ["/bin/kubectl"]