Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kubectl-1.35-image for openSUSE:Factory checked in at 2026-05-05 15:16:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kubectl-1.35-image (Old) and /work/SRC/openSUSE:Factory/.kubectl-1.35-image.new.30200 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubectl-1.35-image" Tue May 5 15:16:15 2026 rev:7 rq:1350803 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/kubectl-1.35-image/kubectl-1.35-image.changes 2026-04-28 12:00:50.304654056 +0200 +++ /work/SRC/openSUSE:Factory/.kubectl-1.35-image.new.30200/kubectl-1.35-image.changes 2026-05-05 15:17:34.452581194 +0200 @@ -1,0 +2,5 @@ +Mon May 4 13:01:20 UTC 2026 - SUSE Update Bot <[email protected]> + +- improve handling for running as non-root + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ Dockerfile ++++++ --- /var/tmp/diff_new_pack.UpSZSb/_old 2026-05-05 15:17:34.912599493 +0200 +++ /var/tmp/diff_new_pack.UpSZSb/_new 2026-05-05 15:17:34.912599493 +0200 @@ -64,6 +64,7 @@ LABEL io.artifacthub.package.logo-url="https://raw.githubusercontent.com/kubernetes/kubernetes/master/logo/logo.png"; ENTRYPOINT ["kubectl"] -RUN set -euo pipefail; echo "user:x:999:100:User for CLI:/home/user:/usr/sbin/nologin" >> /etc/passwd && install -d -o 999 -g 100 -m 0755 /home/user +RUN set -euo pipefail; echo "user:x:999:100:User for CLI:/home/user:/usr/sbin/nologin" >> /etc/passwd && install -d -o 999 -g 100 -m 0755 /home/user /home/user/.kube + WORKDIR /home/user ++++++ README.md ++++++ --- /var/tmp/diff_new_pack.UpSZSb/_old 2026-05-05 15:17:34.936600448 +0200 +++ /var/tmp/diff_new_pack.UpSZSb/_new 2026-05-05 15:17:34.940600607 +0200 @@ -29,7 +29,16 @@ -v /localpath/to/customize:/home/user:Z registry.opensuse.org/opensuse/kubectl:1.35 kustomize --enable-helm ``` +## Running as a regular user +The container provides a preconfigured user called "user" which can be explicitly set to lower the permissions of kubectl within the container + + +```ShellSession +podman run --rm --name kubectl \ + --user user \ + -v /localpath/to/kubeconfig:/home/user/.kube/config:Z \ + registry.opensuse.org/opensuse/kubectl:1.35 version ## Licensing
![https://raw.githubusercontent.com/kubernetes/kubernetes/master/logo/logo.png"](https://raw.githubusercontent.com/kubernetes/kubernetes/master/logo/logo.png"){kind=link}