Dockerfile.ubi

# Copyright 2020 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# go-toolset uses RH's Go fork which uses OpenSSL for FIPS-certified crypto
# if this is not desirable, pass -tags no_openssl to SPO build
# see https://access.redhat.com/documentation/en-us/red_hat_developer_tools/2018.4/html/using_go_toolset/chap-changes
# for more details

# hash below referred to latest
FROM registry.access.redhat.com/ubi9/go-toolset@sha256:bee74f192b88c76f4b1a41f9892cff62b346ce6224fdbf167e225918f8e9d216 as build
USER root
WORKDIR /work

RUN dnf install -y \
  libseccomp-devel

ADD . /work
RUN mkdir -p build

ARG APPARMOR_ENABLED=0
ARG BPF_ENABLED=0

# OCP in FIPS mode doesn't like statically linked SPO
ARG STATIC_LINK=no

RUN make

# hash below referred to latest
FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:104cf11d890aeb7dd5728b7d7732e175a0e4018f1bb00d2faebcc8f6bf29bd52
ARG version
USER root

RUN microdnf install -y \
  libseccomp

LABEL name="Security Profiles Operator" \
  version=$version \
  description="The Security Profiles Operator makes it easier for cluster admins to manage their seccomp, SELinux or AppArmor profiles and apply them to Kubernetes' workloads."

COPY --from=build /work/build/security-profiles-operator /usr/bin/
COPY --from=build /work/build/spoc /usr/bin/

ENTRYPOINT ["/usr/bin/security-profiles-operator"]

USER 65535:65535

# vim: ft=dockerfile