File tree Expand file tree Collapse file tree 4 files changed +43
-23
lines changed Expand file tree Collapse file tree 4 files changed +43
-23
lines changed Original file line number Diff line number Diff line change @@ -15,13 +15,17 @@ RUN go env
1515RUN CGO_ENABLED=0 go build -o /output/server -v ./api/
1616
1717# Packaging stage
18- # Image source: https://github.com/litmuschaos/test-tools/blob/master/custom/hardened-alpine/infra/Dockerfile
19- # The base image is non-root (have litmus user) with default litmus directory.
20- FROM litmuschaos/infra-alpine
18+ FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
2119
2220LABEL maintainer="LitmusChaos"
2321
24- COPY --from=builder /output/server /litmus
22+ ENV APP_DIR="/litmus"
23+
24+ COPY --from=builder /output/server $APP_DIR/
25+ RUN chown 65534:0 $APP_DIR/server && chmod 755 $APP_DIR/server
26+
27+ WORKDIR $APP_DIR
28+ USER 65534
2529
2630CMD ["./server" ]
2731
Original file line number Diff line number Diff line change @@ -16,12 +16,18 @@ RUN go env
1616RUN CGO_ENABLED=0 go build -o /output/event-tracker -v
1717
1818# Packaging stage
19- # Image source: https://github.com/litmuschaos/test-tools/blob/master/custom/hardened-alpine/infra/Dockerfile
20- # The base image is non-root (have litmus user) with default litmus directory.
21- FROM litmuschaos/infra-alpine
19+ FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
2220
2321LABEL maintainer="LitmusChaos"
2422
25- COPY --from=builder /output/event-tracker / litmus
23+ ENV APP_DIR= "/ litmus"
2624
27- CMD ["./event-tracker" ]
25+ COPY --from=builder /output/event-tracker $APP_DIR/
26+ RUN chown 65534:0 $APP_DIR/event-tracker && chmod 755 $APP_DIR/event-tracker
27+
28+ WORKDIR $APP_DIR
29+ USER 65534
30+
31+ CMD ["./event-tracker" ]
32+
33+ EXPOSE 8080
Original file line number Diff line number Diff line change @@ -11,21 +11,27 @@ WORKDIR /gql-server
1111
1212ENV GOOS=${TARGETOS} \
1313 GOARCH=${TARGETARCH}
14-
14+
1515RUN go env
1616RUN CGO_ENABLED=0 go build -o /output/server -v
1717
1818# # DEPLOY STAGE
19- # Image source: https://github.com/litmuschaos/test-tools/blob/master/custom/hardened-alpine/infra/Dockerfile
20- # The base image is non-root (have litmus user) with default litmus directory.
21- FROM litmuschaos/infra-alpine
19+ # Use Red Hat UBI minimal image as base
20+ FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
2221
2322LABEL maintainer="LitmusChaos"
2423
25- COPY --from=builder /output/server /litmus
26- # Copy manifests and change the group to 0(root) to make it Openshift friendly
27- # as Openshift runs container with an arbitrary uid that in the root group
28- COPY --chown=litmus:0 --chmod=750 ./manifests/. /litmus/manifests
24+ ENV APP_DIR="/litmus"
25+
26+ COPY --from=builder /output/server $APP_DIR/
27+ COPY ./manifests/. $APP_DIR/manifests
28+
29+ RUN chown -R 65534:0 $APP_DIR/manifests && chmod -R 755 $APP_DIR/manifests
30+ RUN chown 65534:0 $APP_DIR/server && chmod 755 $APP_DIR/server
31+
32+ WORKDIR $APP_DIR
33+ USER 65534
34+
2935CMD ["./server" ]
3036
31- EXPOSE 8080
37+ EXPOSE 8080
Original file line number Diff line number Diff line change @@ -16,12 +16,16 @@ RUN go env
1616RUN CGO_ENABLED=0 go build -o /output/subscriber -v
1717
1818# Packaging stage
19- # Image source: https://github.com/litmuschaos/test-tools/blob/master/custom/hardened-alpine/infra/Dockerfile
20- # The base image is non-root (have litmus user) with default litmus directory.
21- FROM litmuschaos/infra-alpine
19+ FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
2220
2321LABEL maintainer="LitmusChaos"
2422
25- COPY --from=builder /output/subscriber / litmus
23+ ENV APP_DIR= "/ litmus"
2624
27- CMD ["./subscriber" ]
25+ COPY --from=builder /output/subscriber $APP_DIR/
26+ RUN chown 65534:0 $APP_DIR/subscriber && chmod 755 $APP_DIR/subscriber
27+
28+ WORKDIR $APP_DIR
29+ USER 65534
30+
31+ CMD ["./subscriber" ]
You can’t perform that action at this time.
0 commit comments