Create Hardened Base Image and Zookeeper Image #350

Open
wants to merge 7 commits into main
Conversation

patrickrochemn
Enhanced PR Description for Hardened Base and Zookeeper Images

Overview

This Pull Request introduces a hardened base image and a Zookeeper container image to enhance security. The key focus is on leveraging a more secure base and manually updating libraries to address known security vulnerabilities.

Changes

  • Alpine Base Image: Switched to using Alpine Linux as the base image instead of Fedora Minimal. This change provides:

    • A smaller and more secure footprint.
    • More accurate security scans due to Alpine's minimalistic nature.
  • Manual Library Updates:

    • Identified and manually updated JAR files that had known security issues.
    • Ensured that all updates are compatible with the existing system requirements.
  • Combined "RUN" Statements:

    • Combined RUN statements in the Dockerfile into logical groupings.

Impact

  • Security Enhancement: The shift to a more minimalistic and secure base image significantly reduces the potential attack surface.
  • Performance: Alpine's lightweight nature may contribute to better performance of the container images. Combining RUN statements also reduces build layers and, as a result, reduces the final image size.
  • Compatibility: Care has been taken to ensure compatibility with existing systems and dependencies.

Testing

  • Testing has been conducted by building the container images, launching the hardened Zookeeper alongside a Kafka broker container, and confirming that the Kafka broker is successfully managed.
  • Security scans have been performed to validate the reduction in vulnerabilities using Twistlock/PrismaCloud.

Additional Notes

  • Feedback on any potential compatibility issues or performance impacts is highly appreciated.
  • Further enhancements or security patches will need to be continuously monitored and applied as needed.
  • This PR serves as a starting point for creating similar hardened container images for the remaining Debezium/Kafka container images in this repo.
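The three changes the description lists (an Alpine base, combined RUN statements, and manual JAR replacement) fit together in a single multi-stage Dockerfile. The following is an added illustration written for this review, not the PR's own Dockerfiles: the Alpine and JDK package versions, the `ZK_*` and `PATCHED_JAR_*` build arguments, the `/opt/zookeeper` layout, and the `docker-entrypoint.sh` name are assumptions, and every download is pinned to a checksum that the builder must supply, because a "manually updated" JAR that is fetched without integrity verification trades a known CVE for a supply-chain risk.

```dockerfile
# Added example for this review, not the project's Dockerfile.
# Versions, URLs, checksums and JAR names are placeholders passed as build args.
ARG ALPINE_VERSION=3.19
FROM alpine:${ALPINE_VERSION} AS hardened-base

# One RUN per logical step: fewer layers, and nothing (package index, temp
# files) is left behind in an intermediate layer for a scanner to flag.
# --no-cache keeps the apk index out of the image; apk upgrade pulls in
# fixes published since the base tag was built.
RUN set -eux; \
    apk upgrade --no-cache; \
    apk add --no-cache openjdk17-jre-headless bash; \
    addgroup -S zookeeper; \
    adduser -S -G zookeeper -h /opt/zookeeper -s /sbin/nologin zookeeper

FROM hardened-base AS zookeeper

# Assumed build args: the Zookeeper release, its download URL and the
# SHA-512 of that tarball (copied from the upstream release page).
ARG ZK_VERSION
ARG ZK_URL
ARG ZK_SHA512

# Assumed build args for the manual JAR replacement: a shell glob matching
# the vulnerable JAR(s) to remove, and the patched JAR plus its SHA-256.
ARG VULN_JAR_GLOB
ARG PATCHED_JAR
ARG PATCHED_JAR_URL
ARG PATCHED_JAR_SHA256

# Fetch and verify the release, unpack it, then swap the vulnerable JAR for
# the patched one. The checksum checks abort the build on mismatch, so a
# tampered or wrong download never reaches the final image.
RUN set -eux; \
    wget -O /tmp/zk.tgz "${ZK_URL}"; \
    echo "${ZK_SHA512}  /tmp/zk.tgz" | sha512sum -c -; \
    mkdir -p /opt/zookeeper; \
    tar -xzf /tmp/zk.tgz -C /opt/zookeeper --strip-components=1; \
    rm -f /tmp/zk.tgz; \
    cd /opt/zookeeper/lib; \
    rm -f ${VULN_JAR_GLOB}; \
    wget -O "${PATCHED_JAR}" "${PATCHED_JAR_URL}"; \
    echo "${PATCHED_JAR_SHA256}  ${PATCHED_JAR}" | sha256sum -c -; \
    mkdir -p /data /datalog; \
    chown -R zookeeper:zookeeper /opt/zookeeper /data /datalog

COPY --chown=zookeeper:zookeeper docker-entrypoint.sh /usr/local/bin/

USER zookeeper
WORKDIR /opt/zookeeper
ENV ZK_VERSION=${ZK_VERSION}
EXPOSE 2181 2888 3888
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["bin/zkServer.sh", "start-foreground"]
```

After the JAR swap it is worth re-running the scanner against the built image rather than against the Dockerfile, since Twistlock/PrismaCloud identifies Java libraries from the JAR manifests actually present in the image; a replaced JAR whose manifest still carries the old version string will keep showing the old findings.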

Using alpine base image for more accurate security scans. Combined run commands to reduce build layers and as a result reduce final image size
Reverted base image after creating separate directory for hardened base image
Revert zookeeper Dockerfile and docker-entrypoint.sh after moving hardened zookeeper to its own directory