Skip to content

ROX-33562: Migrate main image Dockerfiles to ubi9-micro #19653

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
janisz merged 8 commits into from
Apr 13, 2026
Merged

ROX-33562: Migrate main image Dockerfiles to ubi9-micro #19653

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
193b761
ROX-30858: Migrate main image Dockerfiles to ubi9-micro
janisz Mar 27, 2026
98d0e01
fix save-dir-contents
janisz Mar 31, 2026
6eec73f
Apply suggestions from code review
janisz Apr 8, 2026
660d694
remove args
janisz Apr 8, 2026
d9ca952
keep old comment
janisz Apr 8, 2026
2ece508
move chown to final image
janisz Apr 8, 2026
2d6dcb7
Apply suggestion from @msugakov
janisz Apr 13, 2026
4a7a836
fix new appraoch
janisz Apr 13, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 28 additions & 26 deletions image/rhel/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,28 +1,42 @@
ARG RPMS_REGISTRY=registry.access.redhat.com
ARG RPMS_BASE_IMAGE=ubi9
ARG RPMS_BASE_TAG=latest
ARG BASE_REGISTRY=registry.access.redhat.com
ARG BASE_IMAGE=ubi9-minimal
ARG BASE_TAG=latest
FROM registry.access.redhat.com/ubi9:latest AS ubi-base
FROM registry.access.redhat.com/ubi9/ubi-micro:latest AS ubi-micro-base

FROM ${RPMS_REGISTRY}/${RPMS_BASE_IMAGE}:${RPMS_BASE_TAG} AS downloads
FROM ubi-base AS downloads

ARG DEBUG_BUILD=no

WORKDIR /
COPY download.sh /download.sh
RUN /download.sh

FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} AS stackrox_data
FROM ubi-base AS stackrox_data

RUN mkdir /stackrox-data
Comment thread
janisz marked this conversation as resolved.
RUN microdnf upgrade --nobest -y && microdnf install -y zip
RUN dnf install -y zip

WORKDIR /
COPY fetch-stackrox-data.sh .
RUN /fetch-stackrox-data.sh /stackrox-data

FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
FROM ubi-base AS package_installer

COPY --from=ubi-micro-base / /out/
COPY --from=downloads /output/rpms/ /tmp/
COPY signatures/RPM-GPG-KEY-CentOS-Official /tmp/

RUN rpm --import /tmp/RPM-GPG-KEY-CentOS-Official && \
dnf install -y \
--installroot=/out/ \
--releasever=9 \
--setopt=install_weak_deps=0 \
--nodocs \
findutils \
ca-certificates \
/tmp/postgres-libs.rpm \
/tmp/postgres.rpm && \
dnf clean all --installroot=/out/ && \
rm -rf /out/var/cache/dnf /out/var/cache/yum

FROM ubi-micro-base

ARG LABEL_VERSION
ARG LABEL_RELEASE
Expand All @@ -45,22 +59,12 @@ ENV PATH="/stackrox:$PATH" \
ROX_IMAGE_FLAVOR=${ROX_IMAGE_FLAVOR} \
ROX_PRODUCT_BRANDING=${ROX_PRODUCT_BRANDING}

COPY signatures/RPM-GPG-KEY-CentOS-Official /
COPY static-bin /stackrox/
COPY --from=package_installer /out/ /

COPY --from=downloads /output/rpms/ /tmp/
COPY static-bin /stackrox/
COPY --from=downloads /output/go/ /go/

RUN rpm --import RPM-GPG-KEY-CentOS-Official && \
microdnf -y upgrade --nobest && \
rpm -i --nodeps /tmp/postgres-libs.rpm && \
rpm -i --nodeps /tmp/postgres.rpm && \
microdnf install --setopt=install_weak_deps=0 --nodocs -y util-linux && \
microdnf clean all -y && \
rm /tmp/postgres.rpm /tmp/postgres-libs.rpm RPM-GPG-KEY-CentOS-Official && \
# (Optional) Remove line below to keep package management utilities
rpm -e --nodeps $(rpm -qa curl '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*') && \
rm -rf /var/cache/dnf /var/cache/yum && \
RUN \
# The contents of paths mounted as emptyDir volumes in Kubernetes are saved
# by the script `save-dir-contents` during the image build. The directory
# contents are then restored by the script `restore-all-dir-contents`
Expand Down Expand Up @@ -98,5 +102,3 @@ EXPOSE 8443
USER 4000:4000

ENTRYPOINT ["/stackrox/roxctl"]

HEALTHCHECK CMD curl --insecure --fail https://127.0.0.1:8443/v1/ping
32 changes: 26 additions & 6 deletions image/rhel/konflux.Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,15 +59,35 @@ ENV UI_PKG_INSTALL_EXTRA_ARGS="--ignore-scripts"
RUN make -C ui build


FROM registry.access.redhat.com/ubi9/ubi-minimal:latest@sha256:69f5c9886ecb19b23e88275a5cd904c47dd982dfa370fbbd0c356d7b1047ef68
FROM registry.access.redhat.com/ubi9/ubi-micro:latest@sha256:093a704be0eaef9bb52d9bc0219c67ee9db13c2e797da400ddb5d5ae6849fa10 AS ubi-micro-base

FROM registry.access.redhat.com/ubi9/ubi:latest@sha256:6ed9f6f637fe731d93ec60c065dbced79273f1e0b5f512951f2c0b0baedb16ad AS package_installer

ARG PG_VERSION

RUN microdnf -y module enable postgresql:${PG_VERSION} && \
microdnf -y install postgresql && \
microdnf -y clean all && \
rpm --verbose -e --nodeps $(rpm -qa curl '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*') && \
rm -rf /var/cache/dnf /var/cache/yum
COPY --from=ubi-micro-base / /out/

RUN dnf module enable -y \
--installroot=/out/ \
--setopt=reposdir=/etc/yum.repos.d \
--releasever=9 \
postgresql:${PG_VERSION} && \
dnf install -y \
--installroot=/out/ \
--setopt=reposdir=/etc/yum.repos.d \
--releasever=9 \
--setopt=install_weak_deps=0 \
--nodocs \
ca-certificates \
findutils \
openssl \
postgresql && \
dnf clean all --installroot=/out/ && \
rm -rf /out/var/cache/dnf /out/var/cache/yum

FROM ubi-micro-base

COPY --from=package_installer /out/ /

COPY --from=ui-builder /go/src/github.com/stackrox/rox/app/ui/build /ui/

Expand Down
Loading