Dockerfile multistage with bci-micro

package/Dockerfile

@@ -1,29 +1,46 @@
-FROM registry.suse.com/bci/bci-base:15.5
+# Final micro image
+FROM registry.suse.com/bci/bci-micro:15.5 AS micro
 
+
+# Temporary build stage
+FROM registry.suse.com/bci/bci-base:15.5 AS builder
+
+# Define build arguments
 ARG kube_bench_version=0.6.19
 ARG sonobuoy_version=0.57.0
+
 ARG kubectl_version=1.28.0
 ARG ARCH
 
-RUN zypper --non-interactive update \
-    && zypper --non-interactive install \
-    systemd \
-    curl \
-    jq \
-    tar \
-    awk \
-    gzip
-RUN curl -Lo ./kubectl "https://dl.k8s.io/release/v${kubectl_version}/bin/linux/${ARCH}/kubectl" && \
-    chmod +x ./kubectl && \
-    mv ./kubectl /usr/local/bin/
-RUN curl -sLf "https://github.com/vmware-tanzu/sonobuoy/releases/download/v${sonobuoy_version}/sonobuoy_${sonobuoy_version}_linux_${ARCH}.tar.gz" | tar -xvzf - -C /usr/bin sonobuoy
-RUN curl -sLf "https://github.com/aquasecurity/kube-bench/releases/download/v${kube_bench_version}/kube-bench_${kube_bench_version}_linux_${ARCH}.tar.gz" | tar -xvzf - -C /usr/bin
-
-# Copy the files within /cfg straight from the immutable GitHub source to /etc/kube-bench/cfg/.
-RUN mkdir -p /etc/kube-bench/ && \
+# Install system packages using builder image that has zypper 
+COPY --from=micro / /chroot/
+
+# Install kubectl into micro
+RUN curl -Lo /chroot/usr/local/bin/kubectl "https://dl.k8s.io/release/v${kubectl_version}/bin/linux/${ARCH}/kubectl" && chmod +x /chroot/usr/local/bin/kubectl
+
+## Install Sonobuoy into micro
+RUN curl -sLf "https://github.com/vmware-tanzu/sonobuoy/releases/download/v${sonobuoy_version}/sonobuoy_${sonobuoy_version}_linux_${ARCH}.tar.gz" | tar -xvzf - -C /chroot/usr/bin sonobuoy
+
+## Install kube-bench into micro
+RUN curl -sLf "https://github.com/aquasecurity/kube-bench/releases/download/v${kube_bench_version}/kube-bench_${kube_bench_version}_linux_${ARCH}.tar.gz" | tar -xvzf - -C /chroot/usr/bin
+
+## Copy the files within /cfg straight from the immutable GitHub source to /etc/kube-bench/cfg/ into micro
+RUN mkdir -p /chroot/etc/kube-bench/ && \
     curl -sLf "https://github.com/aquasecurity/kube-bench/archive/refs/tags/v${kube_bench_version}.tar.gz" | \
-    tar xvz -C /etc/kube-bench/ --strip-components=1 "kube-bench-${kube_bench_version}/cfg"
+    tar xvz -C /chroot/etc/kube-bench/ --strip-components=1 "kube-bench-${kube_bench_version}/cfg"
+
+## OS binaries to run kube-bench audit commands
+RUN zypper --installroot /chroot -n --gpg-auto-import-keys in --no-recommends findutils tar jq gawk diffutils procps systemd gzip curl  && \
+    zypper --installroot /chroot clean -a && \
+    rm -rf /chroot/var/cache/zypp/* /chroot/var/log/zypp/*
+
+# Main stage using bco-mirco as the base image
+FROM micro
+
+# Copy binaries and configuration files from builder to micro
+COPY --from=builder /chroot/ /
 
+# Copy binaries and configuration files from the local repository to micro
 COPY package/cfg/ /etc/kube-bench/cfg/
 COPY package/run.sh \
     package/run_sonobuoy_plugin.sh \