From d33fa60e01b060359ed68e50724d36a43f31ea9e Mon Sep 17 00:00:00 2001
From: Tomasz Janiszewski
Date: Mon, 7 Mar 2022 15:28:03 +0100
Subject: [PATCH 1/4] ROX-9598: Use ubi8-micro Remove dnf
---
 image/rhel/Dockerfile | 20 ++++----------------
 1 file changed, 4 insertions(+), 16 deletions(-)
diff --git a/image/rhel/Dockerfile b/image/rhel/Dockerfile
index 52700d69fb35a..8308e65717377 100644
--- a/image/rhel/Dockerfile
+++ b/image/rhel/Dockerfile
@@ -1,8 +1,8 @@
 ARG BASE_REGISTRY=registry.access.redhat.com
-ARG BASE_IMAGE=ubi8/ubi
+ARG BASE_IMAGE=ubi8-micro
 ARG BASE_TAG=8.5
-FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} AS extracted_bundle
+FROM ${BASE_REGISTRY}/ubi8/ubi:${BASE_TAG} AS extracted_bundle
 COPY bundle.tar.gz /
 WORKDIR /bundle
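Review bot: The builder stage is now hard-wired to `ubi8/ubi` on the new `FROM` line while `BASE_IMAGE` selects only the final stage, and nothing in the file records that split. A comment above the builder `FROM`, such as `# Builder stays on the full UBI image (tar is run here); BASE_IMAGE only selects the runtime base.`, would stop someone overriding `BASE_IMAGE` and expecting both stages to follow. Both stages also still resolve through the mutable tag `8.5`; pinning each base by digest would mean the images only change through an explicit edit to this file.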
@@ -37,23 +37,11 @@ RUN ln -s entrypoint-wrapper.sh /stackrox/admission-control && \
 ln -s entrypoint-wrapper.sh /stackrox/kubernetes-sensor && \
 ln -s entrypoint-wrapper.sh /stackrox/sensor-upgrader && \
 ln -s /assets/downloads/cli/roxctl-linux /stackrox/roxctl && \
- rpm --import RPM-GPG-KEY-CentOS-Official && \
- dnf upgrade -y && \
- dnf install -y lz4 bzip2 /tmp/snappy.rpm && \
- dnf clean all && \
- rm /tmp/snappy.rpm RPM-GPG-KEY-CentOS-Official && \
- # (Optional) Remove line below to keep package management utilities
- rpm -e --nodeps $(rpm -qa curl '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*') && \
- rm -rf /var/cache/dnf && \
- # The contents of paths mounted as emptyDir volumes in Kubernetes are saved
- # by the script `save-dir-contents` during the image build. The directory
- # contents are then restored by the script `restore-all-dir-contents`
- # during the container start.
- chown -R 4000:4000 /etc/pki /etc/ssl && save-dir-contents /etc/pki/ca-trust /etc/ssl && \
 mkdir -p /var/lib/stackrox && chown -R 4000:4000 /var/lib/stackrox && \
 mkdir -p /var/log/stackrox && chown -R 4000:4000 /var/log/stackrox && \
 mkdir -p /var/cache/stackrox && chown -R 4000:4000 /var/cache/stackrox && \
- chown -R 4000:4000 /tmp
+ mkdir -p /etc/pki /etc/ssl && \
+ chown -R 4000:4000 /tmp /etc/pki /etc/ssl
 EXPOSE 8443
From eac5b7a2c2024a32e2abda2de01a145ae05ccaa1 Mon Sep 17 00:00:00 2001
From: Tomasz Janiszewski
Date: Tue, 8 Mar 2022 11:11:08 +0100
Subject: [PATCH 2/4] Fix
---
 image/rhel/Dockerfile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/image/rhel/Dockerfile b/image/rhel/Dockerfile
index 8308e65717377..1f2db6b3e8524 100644
--- a/image/rhel/Dockerfile
+++ b/image/rhel/Dockerfile
@@ -7,6 +7,7 @@ FROM ${BASE_REGISTRY}/ubi8/ubi:${BASE_TAG} AS extracted_bundle
 COPY bundle.tar.gz /
 WORKDIR /bundle
 RUN tar -zxf /bundle.tar.gz
+RUN dnf install -y lz4-libs bzip2-libs /bundle/snappy.rpm --nodocs
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
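Review bot: The rewritten tail of the `RUN` chain in patch 1/4 drops the `save-dir-contents /etc/pki/ca-trust /etc/ssl` call, although the removed comment says directories mounted as emptyDir volumes are restored from that saved copy at container start. If `/etc/pki/ca-trust` or `/etc/ssl` are still mounted that way, `restore-all-dir-contents` would presumably have nothing to restore and the trust store could come up empty; this hunk alone cannot confirm it. Either keep the call after the new chown, as in `chown -R 4000:4000 /tmp /etc/pki /etc/ssl && save-dir-contents /etc/pki/ca-trust /etc/ssl`, or add a comment saying why saving is no longer needed on ubi8-micro. The new last line also keeps the CA directories owned by UID 4000, which deserves a one-line why-comment now that the explanatory block is gone. The `RUN` instruction begins above the hunk.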
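Review bot: The added `RUN dnf install -y lz4-libs bzip2-libs /bundle/snappy.rpm --nodocs` in patch 2/4 installs a package file taken from the bundle tarball with no visible signature check, and patch 1/4 removed the `rpm --import RPM-GPG-KEY-CentOS-Official` step that preceded the old install. dnf does not verify local package files unless `localpkg_gpgcheck` is enabled, so the library that is later copied into the runtime image is trusted on the strength of the tarball alone. Consider importing the key in this stage and installing with `--setopt=localpkg_gpgcheck=1`, or checking `snappy.rpm` against a pinned digest before the install. The two repository packages are also unversioned, so the copied `.so` files can differ between builds of the same commit.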
@@ -29,8 +30,10 @@ COPY --from=extracted_bundle /bundle/stackrox/ /stackrox/
 COPY --from=extracted_bundle /bundle/THIRD_PARTY_NOTICES/ /THIRD_PARTY_NOTICES/
 COPY --from=extracted_bundle /bundle/ui/ /ui/
 COPY --from=extracted_bundle /bundle/usr/local/bin/ldb /usr/local/bin/
-COPY --from=extracted_bundle /bundle/snappy.rpm /tmp/
 COPY --from=extracted_bundle /bundle/go/ /go/
+COPY --from=extracted_bundle /usr/lib64/liblz4.so.1 /usr/lib64/liblz4.so.1
+COPY --from=extracted_bundle /usr/lib64/libbz2.so.1 /usr/lib64/libbz2.so.1
+COPY --from=extracted_bundle /usr/lib64/libsnappy.so.1 /usr/lib64/libsnappy.so.1
 RUN ln -s entrypoint-wrapper.sh /stackrox/admission-control && \
 ln -s entrypoint-wrapper.sh /stackrox/compliance && \
From 694379ceba12cf8e2d1cdc55ad2b1187c8f109d6 Mon Sep 17 00:00:00 2001
From: Tomasz Janiszewski
Date: Tue, 8 Mar 2022 12:52:08 +0100
Subject: [PATCH 3/4] WIP
---
 image/rhel/Dockerfile | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/image/rhel/Dockerfile b/image/rhel/Dockerfile
index 1f2db6b3e8524..624a452fc4be2 100644
--- a/image/rhel/Dockerfile
+++ b/image/rhel/Dockerfile
@@ -34,6 +34,9 @@ COPY --from=extracted_bundle /bundle/go/ /go/
 COPY --from=extracted_bundle /usr/lib64/liblz4.so.1 /usr/lib64/liblz4.so.1
 COPY --from=extracted_bundle /usr/lib64/libbz2.so.1 /usr/lib64/libbz2.so.1
 COPY --from=extracted_bundle /usr/lib64/libsnappy.so.1 /usr/lib64/libsnappy.so.1
+COPY --from=extracted_bundle /usr/lib64/libstdc++.so.6 /usr/lib64/libstdc++.so.6
+COPY --from=extracted_bundle /usr/lib64/libzstd.so.1 /usr/lib64/libzstd.so.1
+COPY --from=extracted_bundle /usr/lib64/libz.so.1 /usr/lib64/libz.so.1
 RUN ln -s entrypoint-wrapper.sh /stackrox/admission-control && \
 ln -s entrypoint-wrapper.sh /stackrox/compliance && \
From 33c0a66044794ea55b649fa4b545ebe8c2b414a8 Mon Sep 17 00:00:00 2001
From: Tomasz Janiszewski
Date: Tue, 8 Mar 2022 13:00:50 +0100
Subject: [PATCH 4/4] WIP
---
 image/rhel/Dockerfile | 1 +
 1 file changed, 1 insertion(+)
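Review bot: The three `COPY --from=extracted_bundle /usr/lib64/...` lines added in patch 2/4 place shared libraries into the runtime image as loose files, so that image's RPM database has no record of lz4, bzip2 or snappy, and scanners that key on installed packages will likely not report CVEs against them. Patches 3/4 and 4/4 extend the same pattern to `libstdc++.so.6`, `libzstd.so.1`, `libz.so.1` and `libgcc_s.so.1`. A common alternative for micro bases is to install into a separate root in the builder with `dnf install --installroot` and copy that root across, which carries the package metadata with the files. If the file-by-file copy stays, a comment naming the package each library comes from would leave an audit trail, and it is worth confirming that none of these paths overwrite a library ubi8-micro already ships.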
diff --git a/image/rhel/Dockerfile b/image/rhel/Dockerfile
index 624a452fc4be2..01e7801f260a2 100644
--- a/image/rhel/Dockerfile
+++ b/image/rhel/Dockerfile
@@ -37,6 +37,7 @@ COPY --from=extracted_bundle /usr/lib64/libsnappy.so.1 /usr/lib64/libsnappy.so.1
 COPY --from=extracted_bundle /usr/lib64/libstdc++.so.6 /usr/lib64/libstdc++.so.6
 COPY --from=extracted_bundle /usr/lib64/libzstd.so.1 /usr/lib64/libzstd.so.1
 COPY --from=extracted_bundle /usr/lib64/libz.so.1 /usr/lib64/libz.so.1
+COPY --from=extracted_bundle /usr/lib64/libgcc_s.so.1 /usr/lib64/libgcc_s.so.1
 RUN ln -s entrypoint-wrapper.sh /stackrox/admission-control && \
 ln -s entrypoint-wrapper.sh /stackrox/compliance && \