UBI migration of Images - chaoscenter (#4753)

* feat: ubi-migration chaoscenter/authentication

Signed-off-by: dusdjhyeon <[email protected]>

* feat: ubi-migration chaoscenter/event-tracker

Signed-off-by: dusdjhyeon <[email protected]>

* feat: ubi-migration chaoscenter/graphql-server

Signed-off-by: dusdjhyeon <[email protected]>

* feat: ubi-migration chaoscenter/subscriber

Signed-off-by: dusdjhyeon <[email protected]>

* refactor: app user dir uniformity

Signed-off-by: dusdjhyeon <[email protected]>

* refactor: modify permissions

Signed-off-by: dusdjhyeon <[email protected]>

---------

Signed-off-by: dusdjhyeon <[email protected]>
Co-authored-by: Namkyu Park <[email protected]>
Co-authored-by: Vedant Shrotria <[email protected]>

chaoscenter/authentication/Dockerfile

@@ -15,13 +15,17 @@ RUN go env
 RUN CGO_ENABLED=0 go build -o /output/server -v ./api/
 
 # Packaging stage
-# Image source: https://github.com/litmuschaos/test-tools/blob/master/custom/hardened-alpine/infra/Dockerfile
-# The base image is non-root (have litmus user) with default litmus directory.
-FROM litmuschaos/infra-alpine
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
 
 LABEL maintainer="LitmusChaos"
 
-COPY --from=builder /output/server /litmus
+ENV APP_DIR="/litmus"
+
+COPY --from=builder /output/server $APP_DIR/
+RUN chown 65534:0 $APP_DIR/server && chmod 755 $APP_DIR/server
+
+WORKDIR $APP_DIR
+USER 65534
 
 CMD ["./server"]
 

chaoscenter/event-tracker/Dockerfile

@@ -16,12 +16,18 @@ RUN go env
 RUN CGO_ENABLED=0 go build -o /output/event-tracker -v
 
 # Packaging stage
-# Image source: https://github.com/litmuschaos/test-tools/blob/master/custom/hardened-alpine/infra/Dockerfile
-# The base image is non-root (have litmus user) with default litmus directory.
-FROM litmuschaos/infra-alpine
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
 
 LABEL maintainer="LitmusChaos"
 
-COPY --from=builder /output/event-tracker /litmus
+ENV APP_DIR="/litmus"
 
-CMD ["./event-tracker"]
+COPY --from=builder /output/event-tracker $APP_DIR/
+RUN chown 65534:0 $APP_DIR/event-tracker && chmod 755 $APP_DIR/event-tracker
+
+WORKDIR $APP_DIR
+USER 65534
+
+CMD ["./event-tracker"]
+
+EXPOSE 8080

chaoscenter/graphql/server/Dockerfile

@@ -11,21 +11,27 @@ WORKDIR /gql-server
 
 ENV GOOS=${TARGETOS} \
     GOARCH=${TARGETARCH}
-    
+
 RUN go env
 RUN CGO_ENABLED=0 go build -o /output/server -v
 
 ## DEPLOY STAGE
-# Image source: https://github.com/litmuschaos/test-tools/blob/master/custom/hardened-alpine/infra/Dockerfile
-# The base image is non-root (have litmus user) with default litmus directory.
-FROM litmuschaos/infra-alpine
+# Use Red Hat UBI minimal image as base
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
 
 LABEL maintainer="LitmusChaos"
 
-COPY --from=builder /output/server /litmus
-# Copy manifests and change the group to 0(root) to make it Openshift friendly
-# as Openshift runs container with an arbitrary uid that in the root group
-COPY --chown=litmus:0 --chmod=750 ./manifests/. /litmus/manifests
+ENV APP_DIR="/litmus"
+
+COPY --from=builder /output/server $APP_DIR/
+COPY ./manifests/. $APP_DIR/manifests
+
+RUN chown -R 65534:0 $APP_DIR/manifests && chmod -R 755 $APP_DIR/manifests
+RUN chown 65534:0 $APP_DIR/server && chmod 755 $APP_DIR/server
+
+WORKDIR $APP_DIR
+USER 65534
+
 CMD ["./server"]
 
-EXPOSE 8080
+EXPOSE 8080

chaoscenter/subscriber/Dockerfile

@@ -16,12 +16,16 @@ RUN go env
 RUN CGO_ENABLED=0 go build -o /output/subscriber -v
 
 # Packaging stage
-# Image source: https://github.com/litmuschaos/test-tools/blob/master/custom/hardened-alpine/infra/Dockerfile
-# The base image is non-root (have litmus user) with default litmus directory.
-FROM litmuschaos/infra-alpine
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
 
 LABEL maintainer="LitmusChaos"
 
-COPY --from=builder /output/subscriber /litmus
+ENV APP_DIR="/litmus"
 
-CMD ["./subscriber"]
+COPY --from=builder /output/subscriber $APP_DIR/
+RUN chown 65534:0 $APP_DIR/subscriber && chmod 755 $APP_DIR/subscriber
+
+WORKDIR $APP_DIR
+USER 65534
+
+CMD ["./subscriber"]