
Commit 3e9adef

committed
fix: konflux build for image
Signed-off-by: Wen Zhou <wenzhou@redhat.com>
1 parent 53b0f34 commit 3e9adef


1 file changed

+18
-6
lines changed


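--- a/Dockerfile.konflux
+++ b/Dockerfile.konflux
@@ -47,25 +47,37 @@ RUN case ${TARGETPLATFORM} in \
 "linux/arm/v6") GOARCH=arm GOARM=6 ;; \
 "linux/arm/v7") GOARCH=arm GOARM=7 ;; \
 esac && \
-printf "Building FIPS-compliant OAuth2 Proxy for arch ${GOARCH}\n" && \
+printf "Building FIPS-compliant kube-auth-proxy for arch ${GOARCH}\n" && \
 CGO_ENABLED=1 GOOS=linux GOARCH=${GOARCH} GOEXPERIMENT=strictfipsruntime \
 go build -a -tags strictfipsruntime \
 -ldflags="-X github.com/opendatahub-io/kube-auth-proxy/v1/pkg/version.VERSION=${VERSION}" \
 -o kube-auth-proxy github.com/opendatahub-io/kube-auth-proxy/v1 && \
-touch jwt_signing_key.pem
+touch jwt_signing_key.pem && \
+printf "Building kube-rbac-proxy for arch ${GOARCH}\n" && \
+VERSION_SEMVER=$(echo "${VERSION}" | grep -o 'v[0-9]\+\.[0-9]\+\.[0-9]\+' || echo "v0.19.1") && \
+cd kube-rbac-proxy && GOARCH=${GOARCH} VERSION="${VERSION}" VERSION_SEMVER="${VERSION_SEMVER}" make build && \
+cd .. && printf "Building entrypoint for arch ${GOARCH}\n" && \
+CGO_ENABLED=1 GOOS=linux GOARCH=${GOARCH} GOEXPERIMENT=strictfipsruntime go build -a -tags strictfipsruntime -o entrypoint ./cmd/entrypoint
+
 
 # Copy binary to FIPS-compliant runtime image
 FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:7c5495d5fad59aaee12abc3cbbd2b283818ee1e814b00dbc7f25bf2d14fa4f0c
 # Reload version
 ARG VERSION
 
 WORKDIR /
-COPY --from=builder $GOPATH/src/github.com/opendatahub-io/kube-auth-proxy/kube-auth-proxy /bin/kube-auth-proxy
-COPY --chown=1001:0 --from=builder $GOPATH/src/github.com/opendatahub-io/kube-auth-proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem
+COPY --from=builder /workspace/kube-auth-proxy /bin/kube-auth-proxy
+COPY --from=builder /workspace/kube-rbac-proxy/_output/kube-rbac-proxy /bin/kube-rbac-proxy
+COPY --from=builder /workspace/entrypoint /bin/entrypoint
+COPY --chown=1001:0 --from=builder /workspace/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem
+
 
 # Set proper permissions for non-root execution
 RUN chown -R 1001:0 /etc/ssl/private && \
-chmod -R g=u /etc/ssl/private
+chmod -R g=u /etc/ssl/private && \
+chown 1001:0 /bin/kube-auth-proxy /bin/kube-rbac-proxy /bin/entrypoint && \
+chmod 755 /bin/kube-auth-proxy /bin/kube-rbac-proxy /bin/entrypoint
+
 
 USER 1001
 
@@ -77,4 +89,4 @@ LABEL org.opencontainers.image.licenses=MIT \
 org.opencontainers.image.title=kube-auth-proxy \
 org.opencontainers.image.version=${VERSION}
 
-ENTRYPOINT ["/bin/kube-auth-proxy"]
+ENTRYPOINT ["/bin/entrypoint"]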
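Review bot: The added `chown 1001:0 /bin/kube-auth-proxy /bin/kube-rbac-proxy /bin/entrypoint` gives the three executables to the same UID the container runs as (`USER 1001`), so with mode 755 the running process can overwrite its own binaries. Root ownership is enough for execution, so I would drop that `chown` and keep only `chmod 755 /bin/kube-auth-proxy /bin/kube-rbac-proxy /bin/entrypoint`, or set the mode on the three `COPY --from=builder` lines with `--chmod=0755` and avoid the extra layer. Separately, the kube-rbac-proxy step passes only `GOARCH`, `VERSION` and `VERSION_SEMVER` to `make build`, while the other two binaries are built with `CGO_ENABLED=1 GOEXPERIMENT=strictfipsruntime` and `-tags strictfipsruntime`. Unless that Makefile sets the FIPS options itself (it is not visible here), the image would ship one binary outside the strict-FIPS build, which is worth confirming before merge. The builder-stage `RUN` that contains this step starts above the hunk.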
