Dockerfile.ubi

# Copyright 2020 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# go-toolset uses RH's Go fork which uses OpenSSL for FIPS-certified crypto
# if this is not desirable, pass -tags no_openssl to SPO build
# see https://access.redhat.com/documentation/en-us/red_hat_developer_tools/2018.4/html/using_go_toolset/chap-changes
# for more details

# hash below referred to latest
FROM registry.access.redhat.com/ubi8/go-toolset@sha256:e059e813125f3beee236b0499cfae8d68716d925cffda327e4a09b465832960b as build
USER root
WORKDIR /work

RUN dnf install -y \
        libseccomp-devel

ADD . /work
RUN mkdir -p build

ARG APPARMOR_ENABLED=0
ARG BPF_ENABLED=0

# OCP in FIPS mode doesn't like statically linked SPO
ARG STATIC_LINK=no

RUN make

# hash below referred to latest
FROM registry.access.redhat.com/ubi8/ubi-minimal@sha256:8d43664c250c72d35af8498c7ff76a9f0d42f16b9b3b29f0caa747121778de0e
ARG version
USER root

RUN microdnf install -y \
        libseccomp

LABEL name="Security Profiles Operator" \
      version=$version \
      description="The Security Profiles Operator makes it easier for cluster admins to manage their seccomp, SELinux or AppArmor profiles and apply them to Kubernetes' workloads."

COPY --from=build /work/build/security-profiles-operator /usr/bin/
COPY --from=build /work/build/spoc /usr/bin/

ENTRYPOINT ["/usr/bin/security-profiles-operator"]

USER 65535:65535

# vim: ft=dockerfile