From b84e919edb49f66ee1b3f538490f3d756c5edc42 Mon Sep 17 00:00:00 2001
From: Andrey Lebedev <alebedev@redhat.com>
Date: Wed, 3 Apr 2024 12:12:41 +0200
Subject: [PATCH] UPSTREAM <carry>: OCPBUGS-24653: Ensure FIPS compliance for
 controller image

- Replaced the base image with a non-UBI variant.
- Added the 'strictfipsruntime' tag to the controller binary.
---
 Dockerfile.openshift | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile.openshift b/Dockerfile.openshift
index 132e79581a..0320199572 100644
--- a/Dockerfile.openshift
+++ b/Dockerfile.openshift
@@ -15,8 +15,8 @@ COPY pkg pkg
 COPY webhooks webhooks
 
 # Build the controller
-RUN go build -mod=vendor -o controller main.go
+RUN go build -tags strictfipsruntime -mod=vendor -o controller main.go
 
-FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+FROM registry.redhat.io/rhel8-6-els/rhel:latest
 COPY --from=builder /opt/app-root/src/controller /usr/bin/controller
 ENTRYPOINT ["/usr/bin/controller"]