From d653dc1026a79f541d2c80fefd803215136995f3 Mon Sep 17 00:00:00 2001 From: Andreas Auernhammer Date: Tue, 24 Oct 2023 00:14:16 +0200 Subject: [PATCH] docker: use ubi-micro base image (#1830) This commit replaces the ubi-minimal with ubi-micro as a base image. The micro base image is smaller and contains less components. Hence, it gets less often flagged by security scanners, aside of shorter pull times. Signed-off-by: Andreas Auernhammer --- Dockerfile | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 57452dd86a7..f3b9e4363f8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,8 @@ -FROM registry.access.redhat.com/ubi8/ubi-minimal:8.8 +FROM registry.access.redhat.com/ubi8/ubi-minimal:8.8 as build + +RUN microdnf update --nodocs && microdnf install ca-certificates --nodocs + +FROM registry.access.redhat.com/ubi8/ubi-micro:8.8 ARG TAG @@ -10,13 +14,14 @@ LABEL name="MinIO" \ summary="MinIO Operator brings native support for MinIO, Console, and Encryption to Kubernetes." \ description="MinIO object storage is fundamentally different. Designed for performance and the S3 API, it is 100% open-source. MinIO is ideal for large, private cloud environments with stringent security requirements and delivers mission-critical availability across a diverse range of workloads." +# On RHEL the certificate bundle is located at: +# - /etc/pki/tls/certs/ca-bundle.crt (RHEL 6) +# - /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem (RHEL 7) +COPY --from=build /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /etc/pki/ca-trust/extracted/pem/ + COPY CREDITS /licenses/CREDITS COPY LICENSE /licenses/LICENSE -RUN \ - microdnf update --nodocs && \ - microdnf install curl ca-certificates shadow-utils --nodocs - COPY minio-operator /minio-operator ENTRYPOINT ["/minio-operator"]