Uploaded image for project: 'Red Hat Advanced Cluster Security'
  1. Red Hat Advanced Cluster Security
  2. ROX-31576

[ENG] Migration of Red Hat Operator Base Images to UBI 9 Minimal Variants

XMLWordPrintable

    • Product / Portfolio Work
    • XL
    • False
    • Hide

      None

      Show
      None
    • False
    • Not Selected
    • 75% To Do, 25% In Progress, 0% Done
    • TBD (Boaz)
    • Enhancement
    • GA
    • Hide

      PARENT: OCPSTRAT-2553 - Switch Red Hat operators and layered product base images to UBI Minimal 

      DUE DATE: The target date for this outcome is the 4.21 release for platform aligned operators, and for everybody else whatever their first release is on 4.21. (comment in parent feature)

      Show
      PARENT: OCPSTRAT-2553  - Switch Red Hat operators and layered product base images to UBI Minimal  DUE DATE: The target date for this outcome is the 4.21 release for platform aligned operators, and for everybody else whatever their first release is on 4.21. (comment i n parent feature)
    • 750
    • 1,500
    • Rox Sprint 4.10G, Rox Sprint 4.10H, Rox Sprint 4.11A
    • 100% (High)
    • 8
    • 140,625

      Goal Summary:

      This task is to track the mandatory transition of our operator and operand images to the UBI Minimal base __ image, as part of the wider initiative to reduce CVE noise and improve security posture. This change must be completed for all images targeting the OpenShift 4.21 release or later.

      Goals and expected user outcomes:

      The Red Hat Advanced Cluster Security product will have all operator and operand images rebuilt on UBI 9 Minimal base images, resulting in:

      • Reduced CVE noise from unnecessary packages
      • Improved security posture through minimal attack surface
      • Compliance with OpenShift platform requirements for the 4.21 release
      • Updated container build processes using microdnf instead of DNF package manager

      Acceptance Criteria:

      Action Required:

      1. Base Image Change: Update the base image specified in the Containerfile/Dockerfile from the current Red Hat operator image to UBI Minimal.
      2. Package Manager Update: Replace the DNF package manager with micro DNF in all build instructions for installing packages.
        Note: UBI Minimal does not include the Python runtime required by DNF.
      3. Verification: Test the resulting operator and operand images to ensure no regression in functionality and that all necessary dependencies are correctly installed using microdnf.

      Scope of Change:

      • In Scope: All operator and operand images maintained and built by the owning team.
      • Out of Scope: Dependencies pulled from RHEL AppStreams (e.g., Postgres, Redis) which are maintained by the RHEL team.

      Definition of Done:

      • All in-scope images have successfully been rebuilt using the UBI Minimal base image.
      • The use of microdnf has been verified in the image build process.
      • New images have been tested and confirmed to be fully functional.
      • The necessary PRs for the changes have been merged.

      Success Criteria or KPIs measured:

      A list of specific, measurable criteria that will be used to determine if the feature is successful. Include key performance indicators (KPIs) or other metrics., etc. Initial completion during Refinement status.

      [enter success criteria and/or KPIs here]

              rh-ee-dahouse David House
              rh-ee-dahouse David House
              Misha Sugakov
              Boaz Michaely Boaz Michaely
              ACS Automation
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: