From 67147e4a49798edc8ad446e2e5a712621cc37c25 Mon Sep 17 00:00:00 2001 From: Grzegorz Piotrowski Date: Thu, 3 Jul 2025 12:46:45 +0100 Subject: [PATCH 1/2] OCPBUGS-46442: Use UBI9 as base and builder image This commit fixes OCPBUGS-46442 https://issues.redhat.com//browse/OCPBUGS-46442 Change ubi8 builder and RHEL8 base image to UBI9. UBI9 enables to retain FIPS compliance and it is the image that is to be used in Konflux releases. Use WORKDIR /opt/app-root/src which is the default for the go-toolset working directory. * Dockerfile.openshift: Update builder image from ubi8/go-toolset:1.22 to ubi9/go-toolset:1.22. Change runtime image from RHEL8.6 ELS to UBI9 base image. * drift-cache/Dockerfile.openshift: Update drift cache Dockerfile. * .ci-operator.yaml: Update the image tag accordingly. --- .ci-operator.yaml | 2 +- Dockerfile | 10 ++++++---- drift-cache/Dockerfile | 10 ++++++---- 3 files changed, 13 insertions(+), 9 deletions(-) diff --git a/.ci-operator.yaml b/.ci-operator.yaml index 393a82639..1e59c02c2 100644 --- a/.ci-operator.yaml +++ b/.ci-operator.yaml @@ -1,4 +1,4 @@ build_root_image: name: release namespace: openshift - tag: rhel-8-release-golang-1.22-openshift-4.17 + tag: rhel-9-release-golang-1.22-openshift-4.17 diff --git a/Dockerfile b/Dockerfile index 669e7bb2c..965dbd5e2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,7 @@ # Build the manager binary -FROM registry.access.redhat.com/ubi8/go-toolset:1.22 as builder +FROM registry.access.redhat.com/ubi9/go-toolset:1.22 as builder + +WORKDIR /opt/app-root/src # Copy the go source COPY main.go main.go @@ -10,11 +12,11 @@ COPY go.mod go.mod COPY go.sum go.sum # Build -RUN GOOS=linux GOARCH=amd64 go build -tags strictfipsruntime -a -o /usr/bin/manager main.go +RUN GOOS=linux GOARCH=amd64 go build -tags strictfipsruntime -a -o manager main.go -FROM registry.redhat.io/rhel8-6-els/rhel:latest WORKDIR / -COPY --from=builder /usr/bin/manager . +FROM registry.access.redhat.com/ubi9/ubi:latest +COPY --from=builder /opt/app-root/src/manager . USER 65532:65532 diff --git a/drift-cache/Dockerfile b/drift-cache/Dockerfile index 669e7bb2c..965dbd5e2 100644 --- a/drift-cache/Dockerfile +++ b/drift-cache/Dockerfile @@ -1,5 +1,7 @@ # Build the manager binary -FROM registry.access.redhat.com/ubi8/go-toolset:1.22 as builder +FROM registry.access.redhat.com/ubi9/go-toolset:1.22 as builder + +WORKDIR /opt/app-root/src # Copy the go source COPY main.go main.go @@ -10,11 +12,11 @@ COPY go.mod go.mod COPY go.sum go.sum # Build -RUN GOOS=linux GOARCH=amd64 go build -tags strictfipsruntime -a -o /usr/bin/manager main.go +RUN GOOS=linux GOARCH=amd64 go build -tags strictfipsruntime -a -o manager main.go -FROM registry.redhat.io/rhel8-6-els/rhel:latest WORKDIR / -COPY --from=builder /usr/bin/manager . +FROM registry.access.redhat.com/ubi9/ubi:latest +COPY --from=builder /opt/app-root/src/manager . USER 65532:65532 From a96d5db77ea99c1c3c9dc68e02556eb77d67eb5e Mon Sep 17 00:00:00 2001 From: Grzegorz Piotrowski Date: Thu, 3 Jul 2025 17:28:22 +0100 Subject: [PATCH 2/2] DO NOT MERGE: Use ubi9 based aws-load-balancer-controller image --- .../aws-load-balancer-operator.clusterserviceversion.yaml | 2 +- config/manager/manager.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/bundle/manifests/aws-load-balancer-operator.clusterserviceversion.yaml b/bundle/manifests/aws-load-balancer-operator.clusterserviceversion.yaml index 7f1ff4e12..1cfd3a51a 100644 --- a/bundle/manifests/aws-load-balancer-operator.clusterserviceversion.yaml +++ b/bundle/manifests/aws-load-balancer-operator.clusterserviceversion.yaml @@ -287,7 +287,7 @@ spec: - /manager env: - name: RELATED_IMAGE_CONTROLLER - value: quay.io/aws-load-balancer-operator/aws-load-balancer-controller:latest + value: quay.io/rh-ee-gpiotrow/aws-load-balancer-controller:07.03.1856 - name: TARGET_NAMESPACE valueFrom: fieldRef: diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index f106d5d79..93b795069 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -79,7 +79,7 @@ spec: - name: RELATED_IMAGE_CONTROLLER # Use "latest" floating tag to avoid problems with the prunning of older mirorred images. # Ref: https://issues.redhat.com/browse/OCPBUGS-57339. - value: quay.io/aws-load-balancer-operator/aws-load-balancer-controller:latest + value: quay.io/rh-ee-gpiotrow/aws-load-balancer-controller:07.03.1856 - name: TARGET_NAMESPACE valueFrom: fieldRef: