Updating Dockerfile.rhel10 base image from base-rhel9 to base-rhel10.

[ybettan]

The base-rhel10 image is now available in the CI registry (registry.ci.openshift.org/ocp/5.0:base-rhel10),
so we can use the proper RHEL 10 base image for the DTK-10 build.

---

/assign @yevgeny-shnaidman @TomerNewman

Summary by CodeRabbit

• Chores
  • Updated the container build base image to a newer RHEL 10 image.

[coderabbitai]

Walkthrough

Dockerfile.rhel10 now uses the RHEL 10 base image instead of the RHEL 9 base image. No other build steps or labels changed.

Changes

Docker base image update

Layer / File(s)	Summary
Base image switch Dockerfile.rhel10	The FROM directive now references the RHEL 10 base image.

🎯 1 (Trivial) | ⏱️ ~2 minutes

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error)

Check name	Status	Explanation	Resolution
Container-Privileges	❌ Error	Dockerfile.rhel10 still has no USER instruction, so the final image runs as root, and no manifest adds a restrictive securityContext to justify it.	Add a non-root USER after the final metadata RUN, or document why root is required and enforce least-privilege securityContext in runtime manifests.

✅ Passed checks (14 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly states the main change: switching Dockerfile.rhel10 to the RHEL 10 base image.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	Only Dockerfile.rhel10 changed; no Ginkgo test titles were added or edited, so this check is not applicable.
Test Structure And Quality	✅ Passed	The PR only updates Dockerfile.rhel10's base image; no Ginkgo test files or test logic were changed, so the test-quality checklist is not applicable.
Microshift Test Compatibility	✅ Passed	PR only updates Dockerfile.rhel10’s base image; no new Ginkgo e2e tests or MicroShift-sensitive test changes were added.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	The PR only updates Dockerfile.rhel10’s base image; no new or modified Ginkgo tests or SNO-sensitive test logic were added.
Topology-Aware Scheduling Compatibility	✅ Passed	Only Dockerfile.rhel10 changed its base image; no deployment manifests, controllers, affinity, selectors, replicas, or PDBs were modified.
Ote Binary Stdout Contract	✅ Passed	PR only changes Dockerfile.rhel10 base image; no process-level code or stdout writes were touched, so the OTE stdout contract is unaffected.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	Only Dockerfile.rhel10 changed (base-image bump); no new Ginkgo tests or network/IP logic were added, so this check is not applicable.
No-Weak-Crypto	✅ Passed	The change only updates the base image; no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB, custom crypto, or secret/token comparisons are present.
No-Sensitive-Data-In-Logs	✅ Passed	The Dockerfile only swaps the base image and writes release metadata to a file; it contains no logging of secrets, PII, or tokens.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@Dockerfile.rhel10`:
- Line 1: The final image is missing an explicit non-root user declaration, so
it inherits the base image default and is flagged as running as root. Update the
Dockerfile by adding a non-root USER instruction after the last metadata-writing
RUN step, ensuring the final runtime identity is non-root. Use the existing
Dockerfile final stage context and preserve DTK runtime permissions while
switching the final user.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: a26cbf00-3022-49b3-b115-7f4075535425

📥 Commits

Reviewing files that changed from the base of the PR and between 7905e32 and c2332ed.

📒 Files selected for processing (1)

• Dockerfile.rhel10

[TomerNewman]

/lgtm

[yevgeny-shnaidman]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: TomerNewman, ybettan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [ybettan]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ybettan]

/retest

[ybettan]

/retest

[ybettan]

/retest

[TomerNewman]

/retest

[openshift-ci]

@ybettan: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[yevgeny-shnaidman]

/verified bypass

[openshift-ci-robot]

@yevgeny-shnaidman: The verified label has been added.

Details

In response to this:

/verified bypass

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.