From 66329f0284d79a7ad8e920091520aecfb20ff32f Mon Sep 17 00:00:00 2001
From: James Busche <jbusche@us.ibm.com>
Date: Tue, 26 Mar 2024 10:23:54 -0700
Subject: [PATCH] CARRY: FIPS enabled for operator image (#1)

Signed-off-by: James Busche <jbusche@us.ibm.com>
---
 build/images/training-operator/Dockerfile | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/build/images/training-operator/Dockerfile b/build/images/training-operator/Dockerfile
index 6ceff2d664..e0d27ca91c 100644
--- a/build/images/training-operator/Dockerfile
+++ b/build/images/training-operator/Dockerfile
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.20 as builder
+FROM registry.access.redhat.com/ubi9/go-toolset:1.20.10 as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -13,11 +13,13 @@ RUN go mod download
 COPY . .
 
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -a -o manager cmd/training-operator.v1/main.go
+USER root
+RUN CGO_ENABLED=1 GOOS=linux GO111MODULE=on go build -tags strictfipsruntime -a -o manager cmd/training-operator.v1/main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM gcr.io/distroless/static:latest
+FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
 WORKDIR /
 COPY --from=builder /workspace/manager .
+USER 65532:65532
 ENTRYPOINT ["/manager"]