Run pause image as non-root user and group

We now build the pause image to use a pseudo user and group 65535:65535.
This increases the security aspect of the container image, if a
vulnerability would directly affect the pause container.

Signed-off-by: Sascha Grunert <sgrunert@suse.com>

build/dependencies.yaml

@@ -160,7 +160,7 @@ dependencies:
       match: __default_go_runner_version=
 
   - name: "k8s.gcr.io/pause"
-    version: 3.4
+    version: 3.5
     refPaths:
     - path: build/pause/Makefile
       match: TAG =

build/pause/Dockerfile

@@ -16,4 +16,5 @@ ARG BASE
 FROM ${BASE}
 ARG ARCH
 ADD bin/pause-linux-${ARCH} /pause
+USER 65535:65535
 ENTRYPOINT ["/pause"]

build/pause/Makefile

@@ -17,7 +17,7 @@
 REGISTRY ?= staging-k8s.gcr.io
 IMAGE = $(REGISTRY)/pause
 
-TAG = 3.4.1
+TAG = 3.5
 REV = $(shell git describe --contains --always --match='v*')
 
 # Architectures supported: amd64, arm, arm64, ppc64le and s390x