Skip to content

Commit

Permalink
chore: add alpine based fips image (#1381)
Browse files Browse the repository at this point in the history
* chore: update go version to 1.21

update go version in go mod and in build pipeline

* chore: add alpine based fips image

- add alpine based fips image
- fix ubi9 build image
  • Loading branch information
deven0t authored Feb 1, 2024
1 parent 9b70472 commit 08dbe2f
Show file tree
Hide file tree
Showing 6 changed files with 95 additions and 4 deletions.
80 changes: 80 additions & 0 deletions .goreleaser.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,8 @@ builds:
binary: starboard-operator-fips
flags:
- -tags=fipsonly
env:
- GOEXPERIMENT=boringcrypto
goos:
- linux
goarch:
Expand Down Expand Up @@ -592,6 +594,78 @@ dockers:
- "--platform=linux/ppc64le"
extra_files:
- LICENSE
- image_templates:
- "docker.io/aquasec/starboard-operator:{{ .Version }}-fips-amd64"
use: buildx
goos: linux
dockerfile: build/starboard-operator/Dockerfile.fips
goarch: amd64
ids:
- starboard-operator
build_flag_templates:
- "--label=org.opencontainers.image.title=starboard-operator"
- "--label=org.opencontainers.image.description=Keeps Starboard resources updated"
- "--label=org.opencontainers.image.vendor=Aqua Security"
- "--label=org.opencontainers.image.version={{ .Version }}"
- "--label=org.opencontainers.image.created={{ .Date }}"
- "--label=org.opencontainers.image.source=https://github.com/aquasecurity/starboard"
- "--label=org.opencontainers.image.revision={{ .FullCommit }}"
- "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/starboard/v{{ .Version }}/"
- "--platform=linux/amd64"
- image_templates:
- "docker.io/aquasec/starboard-operator:{{ .Version }}-fips-arm64"
use: buildx
goos: linux
dockerfile: build/starboard-operator/Dockerfile.fips
goarch: arm64
ids:
- starboard-operator
build_flag_templates:
- "--label=org.opencontainers.image.title=starboard-operator"
- "--label=org.opencontainers.image.description=Keeps Starboard resources updated"
- "--label=org.opencontainers.image.vendor=Aqua Security"
- "--label=org.opencontainers.image.version={{ .Version }}"
- "--label=org.opencontainers.image.created={{ .Date }}"
- "--label=org.opencontainers.image.source=https://github.com/aquasecurity/starboard"
- "--label=org.opencontainers.image.revision={{ .FullCommit }}"
- "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/starboard/v{{ .Version }}/"
- "--platform=linux/arm64"
- image_templates:
- "docker.io/aquasec/starboard-operator:{{ .Version }}-fips-s390x"
use: buildx
goos: linux
dockerfile: build/starboard-operator/Dockerfile.fips
goarch: s390x
ids:
- starboard-operator
build_flag_templates:
- "--label=org.opencontainers.image.title=starboard-operator"
- "--label=org.opencontainers.image.description=Keeps Starboard resources updated"
- "--label=org.opencontainers.image.vendor=Aqua Security"
- "--label=org.opencontainers.image.version={{ .Version }}"
- "--label=org.opencontainers.image.created={{ .Date }}"
- "--label=org.opencontainers.image.source=https://github.com/aquasecurity/starboard"
- "--label=org.opencontainers.image.revision={{ .FullCommit }}"
- "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/starboard/v{{ .Version }}/"
- "--platform=linux/s390x"
- image_templates:
- "docker.io/aquasec/starboard-operator:{{ .Version }}-fips-ppc64le"
use: buildx
goos: linux
dockerfile: build/starboard-operator/Dockerfile.fips
goarch: ppc64le
ids:
- starboard-operator
build_flag_templates:
- "--label=org.opencontainers.image.title=starboard-operator"
- "--label=org.opencontainers.image.description=Keeps Starboard resources updated"
- "--label=org.opencontainers.image.vendor=Aqua Security"
- "--label=org.opencontainers.image.version={{ .Version }}"
- "--label=org.opencontainers.image.created={{ .Date }}"
- "--label=org.opencontainers.image.source=https://github.com/aquasecurity/starboard"
- "--label=org.opencontainers.image.revision={{ .FullCommit }}"
- "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/starboard/v{{ .Version }}/"
- "--platform=linux/ppc64le"
docker_manifests:
- name_template: "aquasec/starboard:{{ .Version }}"
image_templates:
Expand All @@ -604,6 +678,12 @@ docker_manifests:
- "aquasec/starboard-operator:{{ .Version }}-arm64"
- "aquasec/starboard-operator:{{ .Version }}-s390x"
- "aquasec/starboard-operator:{{ .Version }}-ppc64le"
- name_template: "aquasec/starboard-operator:{{ .Version }}-fips"
image_templates:
- "aquasec/starboard-operator:{{ .Version }}-fips-amd64"
- "aquasec/starboard-operator:{{ .Version }}-fips-arm64"
- "aquasec/starboard-operator:{{ .Version }}-fips-s390x"
- "aquasec/starboard-operator:{{ .Version }}-fips-ppc64le"
- name_template: "aquasec/starboard-operator:{{ .Version }}-ubi8"
image_templates:
- "aquasec/starboard-operator:{{ .Version }}-ubi8-amd64"
Expand Down
11 changes: 11 additions & 0 deletions build/starboard-operator/Dockerfile.fips
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
FROM alpine:3.17

RUN apk update && apk upgrade

RUN adduser -u 10000 -D -g '' starboard starboard

COPY starboard-operator-fips /usr/local/bin/starboard-operator

USER starboard

ENTRYPOINT ["starboard-operator"]
2 changes: 1 addition & 1 deletion build/starboard-operator/Dockerfile.fips.ubi8
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ LABEL name="Starboard" \
version="v0.15.19" \
summary="Starboard Operator."

RUN microdnf install shadow-utils
RUN microdnf install -y shadow-utils
RUN useradd -u 10000 starboard
WORKDIR /opt/bin/
COPY starboard-operator-fips /usr/local/bin/starboard-operator
Expand Down
2 changes: 1 addition & 1 deletion build/starboard-operator/Dockerfile.fips.ubi9
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ LABEL name="Starboard" \
version="v0.15.19" \
summary="Starboard Operator."

RUN microdnf install shadow-utils
RUN microdnf install -y shadow-utils
RUN useradd -u 10000 starboard
WORKDIR /opt/bin/
COPY starboard-operator-fips /usr/local/bin/starboard-operator
Expand Down
2 changes: 1 addition & 1 deletion build/starboard-operator/Dockerfile.ubi8
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ LABEL name="Starboard" \
version="v0.15.19" \
summary="Starboard Operator."

RUN microdnf install shadow-utils
RUN microdnf install -y shadow-utils
RUN useradd -u 10000 starboard
WORKDIR /opt/bin/
COPY starboard-operator /usr/local/bin/starboard-operator
Expand Down
2 changes: 1 addition & 1 deletion build/starboard-operator/Dockerfile.ubi9
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ LABEL name="Starboard" \
version="v0.15.19" \
summary="Starboard Operator."

RUN microdnf install shadow-utils
RUN microdnf install -y shadow-utils
RUN useradd -u 10000 starboard
WORKDIR /opt/bin/
COPY starboard-operator /usr/local/bin/starboard-operator
Expand Down

0 comments on commit 08dbe2f

Please sign in to comment.