diff --git a/Dockerfile b/Dockerfile index d87a336bbbeac205a297444bcc3a1c1bb9afa9e0..3a05cc3e034c802dbe8b15235f4f31ab4506baf8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,8 @@ ARG BASE_TAG=latest FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -ENV CONFLUENT_VERSION=7.2.1 +ENV COMPONENT=kafka-connect +ENV CONFLUENT_VERSION=7.2.2 # This affects how strings in Java class files are interpreted. # We want UTF-8 and this is the only locale in the base image that supports it @@ -12,33 +13,31 @@ ENV LANG="C.UTF-8" USER root -# Copy required RPMs -COPY *.rpm /tmp/ -COPY archive.key /tmp/ -COPY LICENSE /licenses - -ENV COMPONENT=kafka-connect # allow arg override of required env params ARG KAFKA_ZOOKEEPER_CONNECT ENV KAFKA_ZOOKEEPER_CONNECT=${KAFKA_ZOOKEEPER_CONNECT} ARG KAFKA_ADVERTISED_LISTENERS ENV KAFKA_ADVERTISED_LISTENERS=${KAFKA_ADVERTISED_LISTENERS} +ENV CONNECT_PLUGIN_PATH=/usr/share/java/,/usr/share/confluent-hub-components/ + +COPY *.rpm /tmp/ +COPY LICENSE /licenses +COPY Dockerfile /etc/confluent/ironbank/ +COPY hardening_manifest.yaml /etc/confluent/ironbank/ + +COPY --chown=appuser:appuser scripts/include/etc/confluent/docker /etc/confluent/docker + # primary EXPOSE 9092 # rest EXPOSE 8083 -## For auditing & debugging -COPY Dockerfile /etc/confluent/ironbank/ -COPY hardening_manifest.yaml /etc/confluent/ironbank/ - RUN echo "===> Dependency update" \ - && dnf update -y --nodocs \ + && dnf update -y --nodocs \ && echo "===> Installing ${COMPONENT}" \ - && rpm --import /tmp/archive.key \ - && rpm -ivh --nodigest /tmp/confluent-common-*.noarch.rpm \ + && dnf install -y /tmp/confluent-common-*.noarch.rpm \ /tmp/confluent-rest-utils-*.noarch.rpm \ /tmp/confluent-metadata-service-*.noarch.rpm \ /tmp/confluent-server-*.noarch.rpm \ 
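Review bot: The RPM install in the `RUN` step no longer checks any publisher signature. `COPY archive.key /tmp/` and `rpm --import /tmp/archive.key` are removed, and the packages now go through `dnf install -y /tmp/confluent-common-*.noarch.rpm ...`; dnf does not GPG-check local package files unless `localpkg_gpgcheck` is enabled, and it is off by default. The `hardening_manifest.yaml` hunk drops the `archive.key` resource as well, so as far as this diff shows, integrity of whatever `COPY *.rpm /tmp/` matches rests only on the sha256 pins in that manifest. If that is intended, say so above the RUN, e.g. `# RPMs are verified by sha256 in hardening_manifest.yaml; package signatures are not checked here`. Otherwise keep the key resource and import and install with `dnf install -y --setopt=localpkg_gpgcheck=1 ...`. The RUN command continues past the end of this hunk.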
@@ -53,22 +52,18 @@ RUN echo "===> Dependency update" \ /tmp/confluent-control-center-fe-*.noarch.rpm \ /tmp/confluent-hub-client-*.noarch.rpm \ /tmp/confluent-kafka-connect-replicator-*.noarch.rpm \ - && echo "===> Clean up, Clean up" \ - && dnf clean all \ - && yum clean all \ - && rm -rf /tmp/* \ - && rm -rf /var/cache/dnf \ && echo "===> Setting up ${COMPONENT} dirs ..." \ - && mkdir -p /usr/share/confluent-hub-components /var/lib/kafka/data /etc/kafka/secrets /etc/${COMPONENT} /etc/${COMPONENT}/secrets /etc/${COMPONENT}/jars /usr/logs \ - && chown appuser:root -R /etc/${COMPONENT} /usr/logs /etc/schema-registry /usr/share/confluent-hub-components /var/log/kafka /var/log/confluent /var/lib/kafka /var/lib/zookeeper /etc/kafka/secrets \ - && chmod -R ug+w /etc/kafka /var/lib/kafka/data /etc/kafka/secrets /etc/${COMPONENT} /etc/${COMPONENT}/secrets /etc/${COMPONENT}/jars /etc/schema-registry - -ENV CONNECT_PLUGIN_PATH=/usr/share/java/,/usr/share/confluent-hub-components/ + && mkdir -p /usr/share/confluent-hub-components /var/lib/kafka/data /etc/kafka/secrets /etc/${COMPONENT} /etc/${COMPONENT}/secrets /etc/${COMPONENT}/jars /usr/logs \ + && chown appuser:root -R /etc/${COMPONENT} /usr/logs /etc/schema-registry /usr/share/confluent-hub-components /var/log/kafka /var/log/confluent /var/lib/kafka /var/lib/zookeeper /etc/kafka/secrets \ + && chmod -R ug+w /etc/kafka /var/lib/kafka/data /etc/kafka/secrets /etc/${COMPONENT} /etc/${COMPONENT}/secrets /etc/${COMPONENT}/jars /etc/schema-registry \ + && chown -R appuser:appuser /etc/confluent \ + && echo "===> Clean up, Clean up" \ + && dnf clean all \ + && yum clean all \ + && rm -rf /tmp/* /var/cache/dnf VOLUME ["/var/lib/kafka/data", "/etc/kafka/secrets", "/etc/${COMPONENT}/jars", "/etc/${COMPONENT}/secrets"] -COPY --chown=appuser:appuser scripts/include/etc/confluent/docker /etc/confluent/docker - USER appuser CMD ["/etc/confluent/docker/run"] 
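Review bot: The added `chown -R appuser:appuser /etc/confluent` also covers `/etc/confluent/ironbank`, where the previous hunk copies `Dockerfile` and `hardening_manifest.yaml` (the removed comment labelled them "For auditing & debugging"). The user set by `USER appuser` can therefore rewrite the image's own audit copies at runtime, in addition to the `/etc/confluent/docker/run` entrypoint it already owns. `COPY --chown=appuser:appuser ... /etc/confluent/docker` already hands the scripts directory to appuser, so the recursive chown looks unnecessary unless the run scripts write elsewhere under `/etc/confluent`, which is not visible here. Consider dropping the line, or narrowing it to `&& chown -R appuser:appuser /etc/confluent/docker \` so `/etc/confluent/ironbank` stays root-owned. The RUN command starts before this hunk.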
@@ -79,4 +74,4 @@ CMD ["/etc/confluent/docker/run"] # Retry period : 8 minutes (after which container is deemed unhealthy) # All settings can be overriden at run-time in Docker/Docker Compose. HEALTHCHECK --start-period=120s --interval=5s --timeout=10s --retries=96 \ - CMD /usr/bin/kafka-topics --version + CMD /usr/bin/kafka-topics --version \ No newline at end of file diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 0155895d3191fa2f75facc5837e4324dfabbc84b..d21c352f1567c5a2338f825535db2aaec37ef088 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -6,14 +6,14 @@ name: "confluentinc/cp-enterprise-replicator" # The most specific version should be the first tag and will be shown # on ironbank.dso.mil tags: - - "7.2.1-1-ubi8" - - "7.2.1" + - "7.2.2-1-ubi8" + - "7.2.2" - "7.2.x" - "7.2" # Build args passed to Dockerfile ARGs args: BASE_IMAGE: "confluentinc/cp-base-new" - BASE_TAG: "Q2_2022" + BASE_TAG: "Q3_2022" # Docker image labels labels: org.opencontainers.image.title: "cp-enterprise-replicator" 
@@ -21,91 +21,86 @@ labels: org.opencontainers.image.licenses: "CONFLUENT ENTERPRISE LICENSE" org.opencontainers.image.url: "https://docs.confluent.io/platform/current/overview.html" org.opencontainers.image.vendor: "Confluent" - org.opencontainers.image.version: "7.2.1" + org.opencontainers.image.version: "7.2.2" mil.dso.ironbank.image.keywords: "confluent,cflt,kafka,replicator,operator,cfk" mil.dso.ironbank.image.type: "commercial" mil.dso.ironbank.product.name: "Confluent Platform" resources: - - filename: archive.key - url: https://packages.confluent.io/rpm/7.2/archive.key + - filename: confluent-common-7.2.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/7.2/confluent-common-7.2.2-1.noarch.rpm validation: type: sha256 - value: 6753aba4eab80062784a903af0314877d36fa4f998333adffecb0fcba81113cd - - filename: confluent-common-7.2.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/7.2/confluent-common-7.2.1-1.noarch.rpm + value: 04a4496b5b258c1395afc07ea5021e20395e8eb4958a0cc25a793fd1d661ab86 + - filename: confluent-rebalancer-7.2.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/7.2/confluent-rebalancer-7.2.2-1.noarch.rpm validation: type: sha256 - value: 88cb32f4db2b78ddfd8abddcc7f34a6d4ca2bb1dd807becfd4e93c9448790daa - - filename: confluent-rebalancer-7.2.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/7.2/confluent-rebalancer-7.2.1-1.noarch.rpm + value: 9db74b754c24b224793b1c0c11350c15aece745d0a8204fea2659b86523ecad4 + - filename: confluent-rest-utils-7.2.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/7.2/confluent-rest-utils-7.2.2-1.noarch.rpm validation: type: sha256 - value: 9d207c10c8d6f6ce49a1f481f47610f35b4ab43067063b393c7213de7e20ce67 - - filename: confluent-rest-utils-7.2.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/7.2/confluent-rest-utils-7.2.1-1.noarch.rpm + value: 2723c538f362706f2bff8903ffd9b199da5d4e203ebc8945c7494934082ec6f0 + - filename: confluent-security-7.2.2-1.noarch.rpm + url: 
https://packages.confluent.io/rpm/7.2/confluent-security-7.2.2-1.noarch.rpm validation: type: sha256 - value: bf7fb81b49fe03d36f8ac9523dfff5f2f19951586a99b9d00de6199b37ccde9c - - filename: confluent-security-7.2.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/7.2/confluent-security-7.2.1-1.noarch.rpm + value: 9ab0616e65106c2ac8b8609818fadc2ab443e26935fb995f9d6df6f98eb794bc + - filename: confluent-metadata-service-7.2.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/7.2/confluent-metadata-service-7.2.2-1.noarch.rpm validation: type: sha256 - value: 3ea78af130b8254c6791a7cc901a7896a534d5aef855f207add248e09b2798ba - - filename: confluent-metadata-service-7.2.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/7.2/confluent-metadata-service-7.2.1-1.noarch.rpm + value: 64b59d07552795c58a38d71f93a2f211fee32ee68b36f5e08dece42ca096d299 + - filename: confluent-server-7.2.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/7.2/confluent-server-7.2.2-1.noarch.rpm validation: type: sha256 - value: b239f893749474bafbd99cf61a3e12878df5c6246ec109cc1be8e17df3e01e0c - - filename: confluent-server-7.2.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/7.2/confluent-server-7.2.1-1.noarch.rpm + value: 8ea7a535d7f4ae4366d85730e50c2ec061d3bb24523914cf7071757d076b3145 + - filename: confluent-ce-kafka-http-server-7.2.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/7.2/confluent-ce-kafka-http-server-7.2.2-1.noarch.rpm validation: type: sha256 - value: a655eec4576c8586720306f9abda728a859c3fb10727e96fe356c9441cb71edf - - filename: confluent-ce-kafka-http-server-7.2.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/7.2/confluent-ce-kafka-http-server-7.2.1-1.noarch.rpm + value: 452ea9a8a648b24c93d8503cfc4ce3ce9d9cf2582eda460aafcda6f1ed964cf1 + - filename: confluent-server-rest-7.2.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/7.2/confluent-server-rest-7.2.2-1.noarch.rpm validation: type: sha256 - value: 
3bffad1b3d10ecad9bc0cf7dc016f0621236dedcd14a8cb1964f570f5d597915 - - filename: confluent-server-rest-7.2.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/7.2/confluent-server-rest-7.2.1-1.noarch.rpm + value: 792c41c7792d3d39c1247d0b6491ca6b26cf92a45294348f4d7f23b07ce8823d + - filename: confluent-telemetry-7.2.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/7.2/confluent-telemetry-7.2.2-1.noarch.rpm validation: type: sha256 - value: 78ece747a7d76f0a8bd84e70b470dce9e5f6114233a897802ae689c6381c9829 - - filename: confluent-telemetry-7.2.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/7.2/confluent-telemetry-7.2.1-1.noarch.rpm + value: 75f42c016062a10f415dc4401971ca57d3e6185af193f549d3b3ae7b92c85587 + - filename: confluent-kafka-rest-7.2.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/7.2/confluent-kafka-rest-7.2.2-1.noarch.rpm validation: type: sha256 - value: 5d24ab57555e884acdf01e01b6bccce24e1caead8a0331afc8c0b9f31e8738c7 - - filename: confluent-kafka-rest-7.2.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/7.2/confluent-kafka-rest-7.2.1-1.noarch.rpm + value: dd96a4629bd3eccfc0a2303cfa20d1e4c154de07b7a41b8d3ea82252c2548823 + - filename: confluent-hub-client-7.2.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/7.2/confluent-hub-client-7.2.2-1.noarch.rpm validation: type: sha256 - value: 0701c97adcaf9f3dd77714e75df349298160c183a200343b802ccc6075687c32 - - filename: confluent-hub-client-7.2.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/7.2/confluent-hub-client-7.2.1-1.noarch.rpm + value: 33b08e8d3b4730d9dd8597e5659e33c85b547a7701325bc4c415b91d24aa6f20 + - filename: confluent-control-center-7.2.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/7.2/confluent-control-center-7.2.2-1.noarch.rpm validation: type: sha256 - value: 0d2489cb248bcd483f9c808ed152641a06f35da74a317e082a76fc839f6f8a92 - - filename: confluent-control-center-7.2.1-1.noarch.rpm - url: 
https://packages.confluent.io/rpm/7.2/confluent-control-center-7.2.1-1.noarch.rpm + value: 181006b4ec8025e9d6f8a7270e048e476e2feb59bb11ef8f18089ea7243dddb1 + - filename: confluent-control-center-fe-7.2.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/7.2/confluent-control-center-fe-7.2.2-1.noarch.rpm validation: type: sha256 - value: b1962ac73d3a538004f32e816765abe99b21e73f03805c5e4246fd43228b2aa5 - - filename: confluent-control-center-fe-7.2.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/7.2/confluent-control-center-fe-7.2.1-1.noarch.rpm + value: 48e2eda7aa887ba39b435ec3b2afaa0759e32d858974f9a3985fc8aca20478b3 + - filename: confluent-schema-registry-7.2.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/7.2/confluent-schema-registry-7.2.2-1.noarch.rpm validation: type: sha256 - value: 595984382d5ab9c2a4ed44fce9a5fcad2768fcf4d4f787d60799d831fa6e9b81 - - filename: confluent-schema-registry-7.2.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/7.2/confluent-schema-registry-7.2.1-1.noarch.rpm + value: c652963a0cac13a28308d68c632a810d85f2ce71d6606b64b958b2c003aa9eb1 + - filename: confluent-kafka-connect-replicator-7.2.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/7.2/confluent-kafka-connect-replicator-7.2.2-1.noarch.rpm validation: type: sha256 - value: 4268ccfcb251e8e136276c38f2b44cb6782e1125c241d1df756a3493a1815816 - - filename: confluent-kafka-connect-replicator-7.2.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/7.2/confluent-kafka-connect-replicator-7.2.1-1.noarch.rpm - validation: - type: sha256 - value: 290c4d3a827dc96cbf90d4fd4382609a5bb1862aa1055cdec425890e9ade6dd6 + value: 2bb052377dfcf6d7ab2fb738379fe88d9f85f9c46e05d3de2c89378683963e7c # List of project maintainers maintainers: - name: "Scott Stroud"