diff --git a/Dockerfile b/Dockerfile index 7f804bea..b4e7b4e6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,14 +5,14 @@ # Use 'docker build --target= .' to build one. # e.g. `docker build --target=dev .` # -# All non-dev targets have a VERSION argument that must be provided -# via --build-arg=VERSION= when building. +# All non-dev targets have a VERSION argument that must be provided +# via --build-arg=VERSION= when building. # e.g. --build-arg VERSION=1.11.2 # -# `default` is the production docker image which cannot be built locally. +# `default` is the production docker image which cannot be built locally. # For local dev and testing purposes, please build and use the `dev` docker image. -FROM docker.mirror.hashicorp.services/alpine:3.20.3 as dev +FROM docker.mirror.hashicorp.services/alpine:3.20.3 AS dev RUN addgroup vault && \ adduser -S -G vault vault @@ -24,7 +24,7 @@ USER vault ENTRYPOINT ["/vault-k8s"] # This target creates a production release image for the project. -FROM docker.mirror.hashicorp.services/alpine:3.20.3 as default +FROM docker.mirror.hashicorp.services/alpine:3.20.3 AS default # PRODUCT_VERSION is the tag built, e.g. v0.1.0 # PRODUCT_REVISION is the git hash built @@ -41,10 +41,13 @@ LABEL name="Vault K8s" \ version=$PRODUCT_VERSION \ release=$PRODUCT_VERSION \ revision=$PRODUCT_REVISION \ + org.opencontainers.image.licenses="MPL-2.0" \ summary="The Vault-K8s binary includes first-class integrations between Vault and Kubernetes." \ description="Vault-K8s includes first-class integrations between Vault and Kuberentes. Integrations include the Vault Agent Injector mutating admission webhook." COPY LICENSE /licenses/mozilla.txt +# Copy license to conform to HC IPS-002 +COPY LICENSE /usr/share/doc/$PRODUCT_NAME/LICENSE.txt # Create a non-root user to run the software. RUN addgroup vault && \ 
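Review bot: The new `COPY LICENSE /usr/share/doc/$PRODUCT_NAME/LICENSE.txt` in the `default` stage takes its destination from a build argument, and nothing in this hunk shows `PRODUCT_NAME` declared with a default in that stage. If the argument is undeclared or not passed, it expands to an empty string and the build still succeeds, so the licence ends up at `/usr/share/doc/LICENSE.txt`, where a check for the per-product path would presumably not find it. The same line is added to the `ubi` stage in the `@@ -84,19 +87,22 @@` hunk, where `ARG PRODUCT_NAME` is visible but has no default. Consider a default in both stages, e.g. `ARG PRODUCT_NAME=vault-k8s` (the binary name the entrypoints use), or extend the header comment to list `PRODUCT_NAME` next to `VERSION` as a required `--build-arg`. Both stage bodies continue outside the hunks, so the declaration may already exist there.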
@@ -63,7 +66,7 @@ ENTRYPOINT ["/bin/vault-k8s"] # This target creates a production ubi release image # for the project for use on OpenShift. -FROM registry.access.redhat.com/ubi8/ubi-minimal:8.10-1086 as ubi +FROM registry.access.redhat.com/ubi8/ubi-minimal:8.10-1086 AS ubi ARG PRODUCT_NAME ARG PRODUCT_VERSION @@ -84,19 +87,22 @@ LABEL name="Vault K8s" \ vendor="HashiCorp" \ version=$PRODUCT_VERSION \ release=$PRODUCT_VERSION \ + org.opencontainers.image.licenses="MPL-2.0" \ summary="The Vault-K8s binary includes first-class integrations between Vault and Kubernetes." \ description="Vault-K8s includes first-class integrations between Vault and Kuberentes. Integrations include the Vault Agent Injector mutating admission webhook." # Copy license for Red Hat certification. COPY LICENSE /licenses/mozilla.txt +# Copy license to conform to HC IPS-002 +COPY LICENSE /usr/share/doc/$PRODUCT_NAME/LICENSE.txt # Set up certificates and base tools. RUN set -eux && \ microdnf install -y ca-certificates gnupg openssl tzdata wget unzip procps shadow-utils # Create a non-root user to run the software. -# On OpenShift, this will not matter since the container -# is run as a random user and group. +# On OpenShift, this will not matter since the container +# is run as a random user and group. # This is just kept for consistency with our other images. RUN groupadd --gid 1000 vault && \ adduser --uid 100 --system -g vault vault && \