Update hardening_manifest.yaml, Dockerfile files

cb6c5396 · Christopher Vernooy · 9b923397 · cb6c5396 · cb6c5396
Commit cb6c5396 authored Dec 11, 2020 by Christopher Vernooy
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 35 deletions

Dockerfile Dockerfile +0 -5

hardening_manifest.yaml hardening_manifest.yaml +11 -30

No files found.
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,13 +4,10 @@ ARG BASE_IMAGE=ubi8
 ARG BASE_TAG=8.3
 FROM kubeflow-images-public/admission-webhook:v20190520-v0-139-gcee39dbc-dirty-0d8f4c AS base
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 # Label
 ENV LANG C.UTF-8
 RUN mkdir -p /app
 COPY --from=base /webhook /app
 RUN dnf upgrade -y && \
      dnf clean all && \
      rm -rf /var/cache/dnf
@@ -20,6 +17,4 @@ RUN find / -path /proc -prune -o -perm /2000 -exec chmod g-s {} \;
 RUN chown -R kf /app
 USER kf
 WORKDIR /app
 ENTRYPOINT [ "./webhook" ]
-HEALTHCHECK CMD ps | grep webhook | grep -v grep
\ No newline at end of file
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -3,10 +3,6 @@ apiVersion: v1
 # The repository name in registry1, excluding /ironbank/
 name: "kubeflow/admission-webhook/admission-webhook-82f41fd8878e"
-# List of tags to push for the repository in registry1
-# The most specific version should be the first tag and will be shown
-# on ironbank.dsop.io
 tags:
 - "82f41fd8878e"
 - "latest"
@@ -19,37 +15,22 @@ args:
 # Docker image labels
 labels:
  org.opencontainers.image.title: "admission-webhook-82f41fd8878e"
-  ## Human-readable description of the software packaged in the image
+  org.opencontainers.image.description: "admission-webhook container for kubeflow 1.0.2 based on UBI 8 baase imaage"
-  # org.opencontainers.image.description: "FIXME"
+  org.opencontainers.image.licenses: "Apache-2.0"
-  ## License(s) under which contained software is distributed
+  org.opencontainers.image.url: "gcr.io/kubeflow-images-public/admission-webhook@sha256:82f41fd8878ead19616b577c537d2ff83ea576b78478b2f8819caa83eeac0ee0"
-  # org.opencontainers.image.licenses: "FIXME"
+  org.opencontainers.image.vendor: "kubeflow"
-  ## URL to find more information on the image
-  # org.opencontainers.image.url: "FIXME"
-  ## Name of the distributing entity, organization or individual
-  # org.opencontainers.image.vendor: "FIXME"
  org.opencontainers.image.version: "82f41fd8878e"
-  ## Keywords to help with search (ex. "cicd,gitops,golang")
+  mil.dso.ironbank.image.keywords: "kubeflow,admission-webhook,"
-  # mil.dso.ironbank.image.keywords: "FIXME"
+  mil.dso.ironbank.image.type: "opensource"
-  ## This value can be "opensource" or "commercial"
+  mil.dso.ironbank.product.name: "kubeflow"
-  # mil.dso.ironbank.image.type: "FIXME"
-  ## Product the image belongs to for grouping multiple images
-  # mil.dso.ironbank.product.name: "FIXME"
-# List of resources to make available to the offline build context
 resources:
 - tag: kubeflow-images-public/admission-webhook:v20190520-v0-139-gcee39dbc-dirty-0d8f4c
  url: docker://gcr.io/kubeflow-images-public/admission-webhook@sha256:82f41fd8878ead19616b577c537d2ff83ea576b78478b2f8819caa83eeac0ee0
-# List of project maintainers
-# FIXME: Fill in the following details for the current container owner in the whitelist
-# FIXME: Include any other vendor information if applicable
 maintainers:
 - email: "cvernooy@oteemo.com"
-#   # The name of the current container owner
+  name: "Christopher Vernooy"
-#   name: "FIXME"
+  username: "cvernooy"
-#   # The gitlab username of the current container owner
+  cht_member: true 
-#   username: "FIXME"
-#   cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT
-# - name: "FIXME"
-#   username: "FIXME"
-#   email: "FIXME"