From 28bbf3c8722cd2d7e1ea25676c8c8a0534fc1f73 Mon Sep 17 00:00:00 2001
From: Dahyeon Kang <73868703+dusdjhyeon@users.noreply.github.com>
Date: Wed, 17 Jul 2024 13:23:23 +0900
Subject: [PATCH] UBI migration of Images - chaoscenter (#4753)
* feat: ubi-migration chaoscenter/authentication
Signed-off-by: dusdjhyeon
* feat: ubi-migration chaoscenter/event-tracker
Signed-off-by: dusdjhyeon
* feat: ubi-migration chaoscenter/graphql-server
Signed-off-by: dusdjhyeon
* refactor: app user dir uniformity
Signed-off-by: dusdjhyeon
* refactor: modify permissions
Signed-off-by: dusdjhyeon
---------
Signed-off-by: dusdjhyeon
Co-authored-by: Namkyu Park <53862866+namkyu1999@users.noreply.github.com>
Co-authored-by: Vedant Shrotria
---
 chaoscenter/authentication/Dockerfile | 12 ++++++++----
 chaoscenter/event-tracker/Dockerfile | 16 +++++++++++-----
 chaoscenter/graphql/server/Dockerfile | 24 +++++++++++++++---------
 chaoscenter/subscriber/Dockerfile | 14 +++++++++-----
 4 files changed, 43 insertions(+), 23 deletions(-)
diff --git a/chaoscenter/authentication/Dockerfile b/chaoscenter/authentication/Dockerfile
index d43c8116198..a176a4a2d76 100644
--- a/chaoscenter/authentication/Dockerfile
+++ b/chaoscenter/authentication/Dockerfile
@@ -15,13 +15,17 @@ RUN go env
 RUN CGO_ENABLED=0 go build -o /output/server -v ./api/
 # Packaging stage
-# Image source: https://github.com/litmuschaos/test-tools/blob/master/custom/hardened-alpine/infra/Dockerfile
-# The base image is non-root (have litmus user) with default litmus directory.
-FROM litmuschaos/infra-alpine
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
 LABEL maintainer="LitmusChaos"
-COPY --from=builder /output/server /litmus
+ENV APP_DIR="/litmus"
+
+COPY --from=builder /output/server $APP_DIR/
+RUN chown 65534:0 $APP_DIR/server && chmod 755 $APP_DIR/server
+
+WORKDIR $APP_DIR
+USER 65534
 CMD ["./server"]
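Review bot: In chaoscenter/authentication/Dockerfile the added `RUN chown 65534:0 $APP_DIR/server && chmod 755 $APP_DIR/server` hands the binary to the same UID that `USER 65534` runs as, so the service process can overwrite its own executable (the owner has write under 755) unless the root filesystem is mounted read-only. Mode 755 already lets any UID execute the file, so root ownership works equally well, keeps the image contents immutable to the workload, and avoids the extra layer that a post-COPY chown creates. Consider dropping the RUN and setting ownership on the copy itself, e.g. `COPY --from=builder --chown=0:0 --chmod=0555 /output/server $APP_DIR/`. The same pattern appears in the event-tracker, graphql/server and subscriber hunks of this patch.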
diff --git a/chaoscenter/event-tracker/Dockerfile b/chaoscenter/event-tracker/Dockerfile
index 88255096d80..1777dbd6221 100644
--- a/chaoscenter/event-tracker/Dockerfile
+++ b/chaoscenter/event-tracker/Dockerfile
@@ -16,12 +16,18 @@ RUN go env
 RUN CGO_ENABLED=0 go build -o /output/event-tracker -v
 # Packaging stage
-# Image source: https://github.com/litmuschaos/test-tools/blob/master/custom/hardened-alpine/infra/Dockerfile
-# The base image is non-root (have litmus user) with default litmus directory.
-FROM litmuschaos/infra-alpine
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
 LABEL maintainer="LitmusChaos"
-COPY --from=builder /output/event-tracker /litmus
+ENV APP_DIR="/litmus"
-CMD ["./event-tracker"]
\ No newline at end of file
+COPY --from=builder /output/event-tracker $APP_DIR/
+RUN chown 65534:0 $APP_DIR/event-tracker && chmod 755 $APP_DIR/event-tracker
+
+WORKDIR $APP_DIR
+USER 65534
+
+CMD ["./event-tracker"]
+
+EXPOSE 8080
\ No newline at end of file
diff --git a/chaoscenter/graphql/server/Dockerfile b/chaoscenter/graphql/server/Dockerfile
index f4e9b9eb948..4a31543e36a 100644
--- a/chaoscenter/graphql/server/Dockerfile
+++ b/chaoscenter/graphql/server/Dockerfile
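Review bot: `FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4` in chaoscenter/event-tracker/Dockerfile pins only a tag, and a tag can be re-pointed to a rebuilt image, so two builds of the same commit may ship different base layers. Pinning the digest as well, `FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4@sha256:<digest-of-the-reviewed-image>`, makes the base reproducible and turns every base update into a reviewable change. The same FROM line is added in the authentication, graphql/server and subscriber Dockerfiles of this patch.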
@@ -11,21 +11,27 @@ WORKDIR /gql-server
 ENV GOOS=${TARGETOS} \
 GOARCH=${TARGETARCH}
-
+
 RUN go env
 RUN CGO_ENABLED=0 go build -o /output/server -v
 ## DEPLOY STAGE
-# Image source: https://github.com/litmuschaos/test-tools/blob/master/custom/hardened-alpine/infra/Dockerfile
-# The base image is non-root (have litmus user) with default litmus directory.
-FROM litmuschaos/infra-alpine
+# Use Red Hat UBI minimal image as base
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
 LABEL maintainer="LitmusChaos"
-COPY --from=builder /output/server /litmus
-# Copy manifests and change the group to 0(root) to make it Openshift friendly
-# as Openshift runs container with an arbitrary uid that in the root group
-COPY --chown=litmus:0 --chmod=750 ./manifests/. /litmus/manifests
+ENV APP_DIR="/litmus"
+
+COPY --from=builder /output/server $APP_DIR/
+COPY ./manifests/. $APP_DIR/manifests
+
+RUN chown -R 65534:0 $APP_DIR/manifests && chmod -R 755 $APP_DIR/manifests
+RUN chown 65534:0 $APP_DIR/server && chmod 755 $APP_DIR/server
+
+WORKDIR $APP_DIR
+USER 65534
+
 CMD ["./server"]
-EXPOSE 8080
+EXPOSE 8080
\ No newline at end of file
diff --git a/chaoscenter/subscriber/Dockerfile b/chaoscenter/subscriber/Dockerfile
index 427f92ccfde..9c20c584d02 100644
--- a/chaoscenter/subscriber/Dockerfile
+++ b/chaoscenter/subscriber/Dockerfile
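Review bot: In chaoscenter/graphql/server/Dockerfile the added `RUN chown -R 65534:0 $APP_DIR/manifests && chmod -R 755 $APP_DIR/manifests` loosens the previous `--chmod=750` to world-readable, sets the execute bit on every manifest file, and leaves the tree writable by the UID the server runs as. Whether the server writes under manifests is not visible in this hunk; if it only reads them, a root-owned copy with no recursive RUN is the tighter default, e.g. `COPY --chown=0:0 ./manifests/. $APP_DIR/manifests`. Setting ownership on COPY also avoids storing the manifests a second time in the RUN layer. The builder stage of this Dockerfile starts outside the hunk.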
@@ -16,12 +16,16 @@ RUN go env
 RUN CGO_ENABLED=0 go build -o /output/subscriber -v
 # Packaging stage
-# Image source: https://github.com/litmuschaos/test-tools/blob/master/custom/hardened-alpine/infra/Dockerfile
-# The base image is non-root (have litmus user) with default litmus directory.
-FROM litmuschaos/infra-alpine
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
 LABEL maintainer="LitmusChaos"
-COPY --from=builder /output/subscriber /litmus
+ENV APP_DIR="/litmus"
-CMD ["./subscriber"]
+COPY --from=builder /output/subscriber $APP_DIR/
+RUN chown 65534:0 $APP_DIR/subscriber && chmod 755 $APP_DIR/subscriber
+
+WORKDIR $APP_DIR
+USER 65534
+
+CMD ["./subscriber"]
\ No newline at end of file
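Review bot: The bare `USER 65534` and `chown 65534:0` in chaoscenter/subscriber/Dockerfile are undocumented now that the comments describing the non-root base image are removed. A short comment above `USER 65534` would keep the intent reviewable, for example `# Run as an unprivileged numeric UID (65534); files keep group 0 so platforms that assign an arbitrary UID in the root group can still execute the binary.` The same applies to the other three Dockerfiles in this patch; the group-0 rationale was stated only in the comment this patch deletes from graphql/server.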