Test build for #3626

Author: SUSE Update Bot

kubectl-1.32-image/Dockerfile

@@ -64,5 +64,6 @@ LABEL io.artifacthub.package.readme-url="%SOURCEURL_WITH(README.md)%"
 LABEL io.artifacthub.package.logo-url="https://raw.githubusercontent.com/kubernetes/kubernetes/master/logo/logo.png"
 ENTRYPOINT ["kubectl"]
 
-RUN set -euo pipefail; echo "user:x:999:100:User for CLI:/home/user:/usr/sbin/nologin" >> /etc/passwd && install -d -o 999 -g 100 -m 0755 /home/user
+RUN set -euo pipefail; echo "user:x:999:100:User for CLI:/home/user:/usr/sbin/nologin" >> /etc/passwd && install -d -o 999 -g 100 -m 0755 /home/user /home/user/.kube
+
 WORKDIR /home/user

kubectl-1.32-image/README.md

@@ -29,7 +29,18 @@ podman run --rm --name kubectl \
       -v /localpath/to/customize:/home/user:Z
       registry.opensuse.org/opensuse/kubectl:1.32 kustomize --enable-helm
 ```
+## Running as a non-root user
 
+By default, this container runs as the `root` user. However, it is prepared to run as a non-privileged user (UID `999`) for enhanced security.
+
+To run the container in rootless mode, you must explicitly set the user and the home environment variables:
+
+```ShellSession
+podman run --rm --name kubectl \
+      --user 999:100 \
+      -e HOME=/home/user \
+      -v /localpath/to/kubeconfig:/home/user/.kube/config:Z \
+      registry.opensuse.org/opensuse/kubectl:1.32 get nodes
 
 ## Licensing
 

kubectl-1.33-image/Dockerfile

@@ -64,5 +64,6 @@ LABEL io.artifacthub.package.readme-url="%SOURCEURL_WITH(README.md)%"
 LABEL io.artifacthub.package.logo-url="https://raw.githubusercontent.com/kubernetes/kubernetes/master/logo/logo.png"
 ENTRYPOINT ["kubectl"]
 
-RUN set -euo pipefail; echo "user:x:999:100:User for CLI:/home/user:/usr/sbin/nologin" >> /etc/passwd && install -d -o 999 -g 100 -m 0755 /home/user
+RUN set -euo pipefail; echo "user:x:999:100:User for CLI:/home/user:/usr/sbin/nologin" >> /etc/passwd && install -d -o 999 -g 100 -m 0755 /home/user /home/user/.kube
+
 WORKDIR /home/user

kubectl-1.33-image/README.md

@@ -29,7 +29,18 @@ podman run --rm --name kubectl \
       -v /localpath/to/customize:/home/user:Z
       registry.opensuse.org/opensuse/kubectl:1.33 kustomize --enable-helm
 ```
+## Running as a non-root user
 
+By default, this container runs as the `root` user. However, it is prepared to run as a non-privileged user (UID `999`) for enhanced security.
+
+To run the container in rootless mode, you must explicitly set the user and the home environment variables:
+
+```ShellSession
+podman run --rm --name kubectl \
+      --user 999:100 \
+      -e HOME=/home/user \
+      -v /localpath/to/kubeconfig:/home/user/.kube/config:Z \
+      registry.opensuse.org/opensuse/kubectl:1.33 get nodes
 
 ## Licensing
 

kubectl-1.34-image/Dockerfile

@@ -64,5 +64,6 @@ LABEL io.artifacthub.package.readme-url="%SOURCEURL_WITH(README.md)%"
 LABEL io.artifacthub.package.logo-url="https://raw.githubusercontent.com/kubernetes/kubernetes/master/logo/logo.png"
 ENTRYPOINT ["kubectl"]
 
-RUN set -euo pipefail; echo "user:x:999:100:User for CLI:/home/user:/usr/sbin/nologin" >> /etc/passwd && install -d -o 999 -g 100 -m 0755 /home/user
+RUN set -euo pipefail; echo "user:x:999:100:User for CLI:/home/user:/usr/sbin/nologin" >> /etc/passwd && install -d -o 999 -g 100 -m 0755 /home/user /home/user/.kube
+
 WORKDIR /home/user

kubectl-1.34-image/README.md

@@ -29,7 +29,18 @@ podman run --rm --name kubectl \
       -v /localpath/to/customize:/home/user:Z
       registry.opensuse.org/opensuse/kubectl:1.34 kustomize --enable-helm
 ```
+## Running as a non-root user
 
+By default, this container runs as the `root` user. However, it is prepared to run as a non-privileged user (UID `999`) for enhanced security.
+
+To run the container in rootless mode, you must explicitly set the user and the home environment variables:
+
+```ShellSession
+podman run --rm --name kubectl \
+      --user 999:100 \
+      -e HOME=/home/user \
+      -v /localpath/to/kubeconfig:/home/user/.kube/config:Z \
+      registry.opensuse.org/opensuse/kubectl:1.34 get nodes
 
 ## Licensing
 

kubectl-1.35-image/Dockerfile

@@ -65,5 +65,6 @@ LABEL io.artifacthub.package.readme-url="%SOURCEURL_WITH(README.md)%"
 LABEL io.artifacthub.package.logo-url="https://raw.githubusercontent.com/kubernetes/kubernetes/master/logo/logo.png"
 ENTRYPOINT ["kubectl"]
 
-RUN set -euo pipefail; echo "user:x:999:100:User for CLI:/home/user:/usr/sbin/nologin" >> /etc/passwd && install -d -o 999 -g 100 -m 0755 /home/user
+RUN set -euo pipefail; echo "user:x:999:100:User for CLI:/home/user:/usr/sbin/nologin" >> /etc/passwd && install -d -o 999 -g 100 -m 0755 /home/user /home/user/.kube
+
 WORKDIR /home/user

kubectl-1.35-image/README.md

@@ -29,7 +29,18 @@ podman run --rm --name kubectl \
       -v /localpath/to/customize:/home/user:Z
       registry.opensuse.org/opensuse/kubectl:1.35 kustomize --enable-helm
 ```
+## Running as a non-root user
 
+By default, this container runs as the `root` user. However, it is prepared to run as a non-privileged user (UID `999`) for enhanced security.
+
+To run the container in rootless mode, you must explicitly set the user and the home environment variables:
+
+```ShellSession
+podman run --rm --name kubectl \
+      --user 999:100 \
+      -e HOME=/home/user \
+      -v /localpath/to/kubeconfig:/home/user/.kube/config:Z \
+      registry.opensuse.org/opensuse/kubectl:1.35 get nodes
 
 ## Licensing