Fixes system and oc vulnerabilities detected by trivy (#644)
* fixes system and oc vulnerabilities detected by trivy

Signed-off-by: Tullio Sebastiani <[email protected]>

* updated base image to run as krkn user instead of root

Signed-off-by: Tullio Sebastiani <[email protected]>

---------

Signed-off-by: Tullio Sebastiani <[email protected]>
tsebastiani authored Jun 10, 2024
1 parent 5fe0655 commit 7b660a0
Showing 1 changed file with 19 additions and 19 deletions.
38 changes: 19 additions & 19 deletions containers/Dockerfile
Expand Up @@ -2,48 +2,48 @@
FROM mcr.microsoft.com/azure-cli:latest as azure-cli

# oc build
FROM golang:1.22.2 AS oc-build
FROM golang:1.22.4 AS oc-build
RUN apt-get update && apt-get install -y libkrb5-dev
WORKDIR /tmp
RUN git clone --branch release-4.18 https://github.com/openshift/oc.git
WORKDIR /tmp/oc
RUN go mod edit -go 1.22.3 &&\
go get github.com/moby/[email protected] &&\
go get github.com/containerd/[email protected]&&\
go get github.com/docker/[email protected]&&\
go mod tidy && go mod vendor
RUN make GO_REQUIRED_MIN_VERSION:= oc

FROM registry.access.redhat.com/ubi9/ubi:latest
FROM fedora:40
RUN groupadd -g 1001 krkn && useradd -m -u 1001 -g krkn krkn
RUN dnf update -y

# krkn version that will be built
ENV KRKN_VERSION v1.6.0

ENV KUBECONFIG /root/.kube/config
ENV KUBECONFIG /home/krkn/.kube/config

# update yum and install dependencies
RUN yum update -y glibc glibc-common glibc-minimal-langpack runc libnghttp2
RUN rpm -e --allmatches --nodeps --noscripts --notriggers python3-requests
RUN yum install -y git python39 python3-pip jq gettext wget

# get yq
RUN wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && chmod +x /usr/bin/yq

# get kubectl
# install kubectl
RUN curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" &&\
cp kubectl /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl &&\
cp kubectl /usr/bin/kubectl && chmod +x /usr/bin/kubectl

# This overwrites any existing configuration in /etc/yum.repos.d/kubernetes.repo
RUN dnf update && dnf install -y git python39 jq yq gettext wget
# copy azure client binary from azure-cli image
COPY --from=azure-cli /usr/local/bin/az /usr/bin/az

# copy oc client binary from oc-build image
COPY --from=oc-build /tmp/oc/oc /usr/bin/oc
COPY --from=oc-build /tmp/oc/oc /usr/local/bin/oc

# krkn build
RUN python3.9 -m pip install -U pip
RUN git clone https://github.com/krkn-chaos/krkn.git --branch $KRKN_VERSION /root/kraken && \
mkdir -p /root/.kube
WORKDIR /root/kraken
RUN git clone https://github.com/krkn-chaos/krkn.git --branch $KRKN_VERSION /home/krkn/kraken && \
mkdir -p /home/krkn/.kube
WORKDIR /home/krkn/kraken
RUN python3.9 -m ensurepip
RUN pip3.9 install -r requirements.txt
RUN pip3.9 install virtualenv

WORKDIR /root/kraken
RUN chown -R krkn:krkn /home/krkn
USER krkn
ENTRYPOINT ["python3.9", "run_kraken.py"]
CMD ["--config=config/config.yaml"]
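Review bot: The kubectl step resolves its version from `stable.txt` at build time and copies the downloaded binary into `/usr/local/bin` and `/usr/bin` without checking a digest, so each rebuild can produce a different, unverified executable and a clean Trivy result for one build says little about the next. Pin the release and verify it before the `cp`, e.g. `ARG KUBECTL_VERSION=<pinned-version>` and `echo "<expected-sha256>  kubectl" | sha256sum -c -`, and remove the downloaded file from the working directory afterwards. The same floating-input concern applies to `mcr.microsoft.com/azure-cli:latest` and the `git clone --branch release-4.18` of oc, which a tag-plus-digest and a commit checkout would fix. The page shows old and new lines without `+`/`-` markers, so I am assuming the kubectl `RUN` is on the new side.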
