sriov-network-operator/Dockerfile.sriov-network-config-daemon-stig at master · Mellanox/sriov-network-operator · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
ARG UBUNTU_STIG_BASE_IMAGE

FROM golang:1.25 AS builder

ARG GOPROXY
ENV GOPROXY=$GOPROXY

WORKDIR /go/src/github.com/k8snetworkplumbingwg/sriov-network-operator
COPY . .
RUN make _build-sriov-network-config-daemon BIN_PATH=build/_output/cmd

FROM $UBUNTU_STIG_BASE_IMAGE
# We have to ensure that pciutils is installed. These packages are needed for mstfwreset to succeed.
# xref pkg/vendors/mellanox/mellanox.go#L150
RUN apt update && apt -y install hwdata pciutils curl mstflint

ARG TARGETARCH
ENV MFT_VERSION=4.33.0-169
RUN case ${TARGETARCH} in \
        amd64) ARCH=x86_64 ;; \
        arm64) ARCH=arm64 ;; \
        *) echo "Unsupported architecture: ${TARGETARCH}" && exit 1 ;; \
    esac && \
    curl -fsSL https://www.mellanox.com/downloads/MFT/mft-${MFT_VERSION}-${ARCH}-deb.tgz | tar -xz -C /tmp && \
    cd /tmp/mft-${MFT_VERSION}-${ARCH}-deb && \
    ./install.sh --without-kernel

# Delete the original mstconfig and mstfwreset binaries
# We only need their dependent packages, not the binaries themselves.
RUN rm -f /usr/bin/mstconfig /usr/bin/mstfwreset
RUN ln -s $(which mlxconfig) /usr/bin/mstconfig
RUN ln -s $(which mlxfwreset) /usr/bin/mstfwreset

LABEL io.k8s.display-name="sriov-network-config-daemon" \
      io.k8s.description="This is a daemon that manage and config sriov network devices in Kubernetes cluster"
COPY --from=builder /go/src/github.com/k8snetworkplumbingwg/sriov-network-operator/build/_output/cmd/sriov-network-config-daemon /usr/bin/
COPY bindata /bindata

RUN --mount=type=secret,id=stig_script,target=/tmp/stig-fixer.sh bash /tmp/stig-fixer.sh

CMD ["/usr/bin/sriov-network-config-daemon"]