Use UBI shell

Dockerfile

@@ -3,12 +3,11 @@ ARG BASE_IMAGE=ironbank/google/distroless/static
 ARG BASE_TAG=nonroot
 
 FROM gcr.io/kaniko-project/executor:v1.6.0-debug as upstream
-
-FROM busybox:1.32.1 as busybox
+FROM registry1.dso.mil/ironbank/redhat/ubi/ubi8:8.3 AS shell
 
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 
-ENV PATH /kaniko:/busybox
+ENV PATH /kaniko:/usr/bin
 ENV SSL_CERT_DIR=/kaniko/ssl/certs
 ENV DOCKER_CONFIG /kaniko/.docker/
 ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json
@@ -16,8 +15,10 @@ ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_co
 # Kaniko REQUIRES to run as root. This is noted in the readme with documentation.
 USER 0
 
-# Copy out all binary files
-COPY --from=busybox /bin /busybox
+# Copy over shell from UBI to localshell
+COPY --from=shell /usr/bin /usr/bin
+# Required for UBI shell to function properly
+COPY --from=shell /lib64 /lib64
 RUN ["mkdir", "-p", "/kaniko", "/kaniko/.docker", "/workspace", "/kaniko/ssl/certs"]
 RUN ["cp", "/etc/ssl/certs/ca-certificates.crt", "/kaniko/ssl/certs/ca-certificates.crt"]
 COPY --from=upstream /kaniko/docker-credential-acr /kaniko/docker-credential-acr
@@ -26,10 +27,9 @@ COPY --from=upstream /kaniko/docker-credential-gcr /kaniko/docker-credential-gcr
 COPY --from=upstream /kaniko/executor /kaniko/executor
 COPY --from=upstream /kaniko/warmer /kaniko/warmer
 
-# Copy over blank configs for override
+# # Copy over blank configs for override
 COPY --from=upstream /kaniko/.config /kaniko/.config
 WORKDIR /workspace
 
 HEALTHCHECK NONE
-
 ENTRYPOINT ["executor"]