hardening updates

e0811060 · SonicDeathMonkey · 81371ed0 · e0811060 · e0811060 · e0811060
Commit e0811060 authored Dec 16, 2020 by SonicDeathMonkey
Hide whitespace changes
Inline Side-by-side

Showing with 30 additions and 33 deletions

.gitignore .gitignore +11 -0

Dockerfile Dockerfile +0 -6

hardening_manifest.yaml hardening_manifest.yaml +19 -27

No files found.
--- a/.gitignore
+++ b/.gitignore
+*.rpm
+*.rpm.dependencies
+*.rpm.sha256sum
+*.whl*
+*.gz*
+pip-20.2.2-py2.py3-none-any.whl
+Python-3.6.12.tgz
+archive.key
+build-container.sh
+python-libs_filelist.txt
+.env
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,11 +6,6 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 USER root
-ARG IMAGE_VERSION='5.5.2'
-ENV IMAGE_VERSION=${IMAGE_VERSION}
-ARG DOCKER_UPSTREAM_TAG
-ENV CONFLUENT_VERSION=${DOCKER_UPSTREAM_TAG}
 ENV ZOOKEEPER_CONFIG_DIR=/mnt/config
 ENV ZOOKEEPER_SECRETS_DIR=/mnt/secrets
 ENV ZOOKEEPER_LOG4J_DIR=/mnt/log
@@ -20,7 +15,6 @@ ENV ZOOKEEPER_DATA_DIR=/mnt/data/data
 ENV DOCKER_SCRIPT_DIR=/opt/caas/bin
 ENV COMPONENT_SCRIPT_DIR=/opt/confluent/etc
 WORKDIR /opt
 COPY opt/caas/lib/ /opt/caas/lib/

--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -9,8 +9,9 @@ name: "confluent/confluent-component-operator/cp-zookeeper-operator-5.5.x"
 # on ironbank.dsop.io
 tags:
 - "5.5.2"
- "latest"
+- "5.5.x"
+- "5.5"
 # Build args passed to Dockerfile ARGs
 args:
  BASE_IMAGE: "redhat/openjdk/openjdk11"
@@ -19,35 +20,26 @@ args:
 # Docker image labels
 labels:
  org.opencontainers.image.title: "cp-zookeeper-operator-5.5.x"
-  ## Human-readable description of the software packaged in the image
+  org.opencontainers.image.description: "Confluent Operator image for cp-zookeeper-operator."
-  # org.opencontainers.image.description: "FIXME"
+  org.opencontainers.image.licenses: "CONFLUENT ENTERPRISE LICENSE"
-  ## License(s) under which contained software is distributed
+  org.opencontainers.image.url: "https://docs.confluent.io/5.5.2/installation/operator/index.html"
-  # org.opencontainers.image.licenses: "FIXME"
+  org.opencontainers.image.vendor: "Confluent"
-  ## URL to find more information on the image
-  # org.opencontainers.image.url: "FIXME"
-  ## Name of the distributing entity, organization or individual
-  # org.opencontainers.image.vendor: "FIXME"
  org.opencontainers.image.version: "5.5.2"
-  ## Keywords to help with search (ex. "cicd,gitops,golang")
+  mil.dso.ironbank.image.keywords: "confluent,kafka,zookeeper,operator"
-  # mil.dso.ironbank.image.keywords: "FIXME"
+  mil.dso.ironbank.image.type: "commercial"
-  ## This value can be "opensource" or "commercial"
+  mil.dso.ironbank.product.name: "Confluent Platform"
-  # mil.dso.ironbank.image.type: "FIXME"
-  ## Product the image belongs to for grouping multiple images
-  # mil.dso.ironbank.product.name: "FIXME"
 # List of resources to make available to the offline build context
 resources: []
 # List of project maintainers
-# FIXME: Fill in the following details for the current container owner in the whitelist
-# FIXME: Include any other vendor information if applicable
 maintainers:
- email: "confluentfed@confluent.io"
+- name: "Scott Stroud"
-#   # The name of the current container owner
+  username: "scottstroud"
-#   name: "FIXME"
+  email: "confluent-fed@confluent.io"
-#   # The gitlab username of the current container owner
+  cht_member: false  
-#   username: "FIXME"
+- name: "Preston McGowan"
-#   cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT
+  username: "preston.mcgowan"
-# - name: "FIXME"
+  email: "confluent-fed@confluent.io"
-#   username: "FIXME"
+  cht_member: false  
-#   email: "FIXME"
\ No newline at end of file