I’m implementing Ignition in a highly cyber secure environment and I’d like to use containers, but I will need to rebuild the Ignition container using an OCI hardened image as the base layer (instead of Ubuntu 24.04 that Inductive uses).
It would be nice if Ignition shared the image build script/layers for generating the “official” images so I could reconstruct a container without all the CVEs and have it pass a cyber audit. Does Inductive publish (or can they) the Ignition container source scripts?
In lieu of that, I’ve found some older Git projects that generate Ignition containers that seem to be more complicated than the existing one and I’m concerned it doesn’t have the support for the same container features found in the Ignition documentation. Is there a reliable source for an Ignition container that can be changed to a hardened OCI image?
Ideally I’d like to change the base OS to Red Hat 9.5 (or up to 10 later when it is approved). Are there any pitfalls to changing from Ubuntu 24.04 to Red Hat (aside from the STIG’d environment that makes everything a nightmare)?
P.S. Yes, I’ve examined the layers, but there are a few scripts, and what looks like a file, that are transferred and aren’t in the layer definition explicitly…