docker: move from /cache to existing /tmp for secret store

2026-05-17 08:56:10 +03:00 · 2026-02-16 00:00:27 +03:00
parent a756ebd32b
commit d8e6b9e336
1 changed files with 1 additions and 8 deletions
--- a/9
+++ b/9
@@ -58,9 +58,6 @@ RUN --mount=type=cache,target=/usr/local/cargo/registry \
      exit 1; \
    fi

-# Создаём writable директорию для nonroot (uid 65534)
-RUN mkdir -p /cache && chown 65534:65534 /cache
-
 FROM gcr.io/distroless/static:nonroot AS runtime

 STOPSIGNAL SIGINT
@@ -68,11 +65,7 @@ STOPSIGNAL SIGINT
 COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY --from=build /out/telemt /usr/local/bin/telemt

-# Writable directory owned by nonroot — сюда попадёт proxy-secret
-COPY --chown=65534:65534 --from=build /cache /cache
-
-# CWD = /cache, поэтому запись в "proxy-secret" → /cache/proxy-secret
-WORKDIR /cache
+WORKDIR /tmp

 EXPOSE 443/tcp 9090/tcp