FEATURE: build operator image as non-root #2171

Merged
merged 1 commit into from
Sep 23, 2024

Conversation

ImpSy
Contributor

@ImpSy ImpSy commented Sep 16, 2024

Purpose of this PR

Reduce the permissions of the docker image by making it non-root (like the spark image it's built from)

Proposed changes:

  • Re-enable go mod caching while building the image
  • Make the image use the USER defined in the base spark-image (UID: 185, NAME: spark)
  • Use setcap on the binary to keep the ability to mount port <1024 (useful for people mounting webhook on 443)

Change Category

Indicate the type of change by marking the applicable boxes:

  • Bugfix (non-breaking change which fixes an issue)
  • Feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that could affect existing functionality)
  • Documentation update

Rationale

If we aim to increase the security of the project, making the image non-root is a good first step

Checklist

Before submitting your PR, please review the following:

  • I have conducted a self-review of my own code.
  • I have updated documentation accordingly.
  • I have added tests that prove my changes are effective or that my feature works.
  • Existing unit tests pass locally with my changes.

Additional Notes

This change has been live on our product for more than 6 months
You can find the PR from our fork here -> https://github.com/spotinst/spark-on-k8s-operator/pull/10/files
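
The build described in the proposed changes, as an added example that is not the PR's own Dockerfile (which is not shown on this page): a multi-stage build that caches Go modules, copies the binary into the spark base image, grants it only the capability needed to bind ports below 1024 with setcap, and switches to the base image's spark user. The Go version, spark image tag, package manager and binary path are assumptions.

```dockerfile
# syntax=docker/dockerfile:1
# Added example, not the PR's Dockerfile. Versions, paths and the
# Debian-based package manager of the base image are assumptions.

FROM golang:1.23 AS builder
WORKDIR /workspace
COPY go.mod go.sum ./
# Cache module downloads across builds with a BuildKit cache mount
RUN --mount=type=cache,target=/go/pkg/mod go mod download
COPY . .
RUN --mount=type=cache,target=/go/pkg/mod \
    --mount=type=cache,target=/root/.cache/go-build \
    CGO_ENABLED=0 go build -o /workspace/spark-operator ./cmd

# The spark base image defines USER spark (UID 185); that user is reused below.
FROM spark:3.5.2
# Become root only to install setcap and apply the file capability
USER root
RUN apt-get update \
    && apt-get install -y --no-install-recommends libcap2-bin \
    && rm -rf /var/lib/apt/lists/*
COPY --from=builder /workspace/spark-operator /usr/bin/spark-operator
# Grant the binary only the capability needed to bind ports below 1024
# (e.g. a webhook on 443) instead of running the whole process as root.
# +ep marks the file "capability-dumb": if a pod drops NET_BIND_SERVICE
# from its bounding set, execve fails with EPERM rather than silently
# losing the capability, so keep the pod securityContext consistent.
RUN setcap cap_net_bind_service=+ep /usr/bin/spark-operator \
    && getcap /usr/bin/spark-operator
# Drop back to the non-root user provided by the base image
USER spark
ENTRYPOINT ["/usr/bin/spark-operator"]
```

After building, `docker run --rm --entrypoint id <image>` should report uid=185(spark), and the getcap line in the build log should show cap_net_bind_service=ep on the binary.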

@ImpSy ImpSy force-pushed the non-root-image branch 2 times, most recently from 0844cd8 to cc75df7 Compare September 16, 2024 10:07
@ImpSy ImpSy changed the title build operator image as non-root FEATURE: build operator image as non-root Sep 16, 2024
@ChenYi015
Contributor

@ImpSy Thanks for the effort to improve the security of operator image! LGTM, will wait for another approval @vara-bonthu @jacobsalway.

Contributor

@vara-bonthu vara-bonthu left a comment

Thanks for the contribution! Nice work @ImpSy 🙌🏼

Contributor

@vara-bonthu vara-bonthu left a comment

/lgtm

Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ChenYi015, vara-bonthu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [ChenYi015,vara-bonthu]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@google-oss-prow google-oss-prow bot merged commit e2cc295 into kubeflow:master Sep 23, 2024
7 checks passed
@ImpSy ImpSy deleted the non-root-image branch September 23, 2024 09:16
ChenYi015 pushed a commit that referenced this pull request Sep 26, 2024
Signed-off-by: ImpSy <[email protected]>
(cherry picked from commit e2cc295)
jbhalodia-slack pushed a commit to jbhalodia-slack/spark-operator that referenced this pull request Oct 4, 2024