forked from intel/envoy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile-envoy
91 lines (65 loc) · 2.9 KB
/
Dockerfile-envoy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
ARG BUILD_OS=ubuntu
ARG BUILD_TAG=20.04
ARG ENVOY_VRP_BASE_IMAGE=envoy
FROM scratch AS binary
ARG TARGETPLATFORM
ENV TARGETPLATFORM=${TARGETPLATFORM:-linux/amd64}
ARG ENVOY_BINARY=envoy
ARG ENVOY_BINARY_SUFFIX=_stripped
ADD ${TARGETPLATFORM}/build_${ENVOY_BINARY}_release${ENVOY_BINARY_SUFFIX}/envoy* /usr/local/bin/
ADD configs/envoyproxy_io_proxy.yaml /etc/envoy/envoy.yaml
COPY --chown=0:0 ${TARGETPLATFORM}/build_${ENVOY_BINARY}_release/su-exec /usr/local/bin/
COPY ${TARGETPLATFORM}/build_${ENVOY_BINARY}_release/schema_validator_tool /usr/local/bin/schema_validator_tool
COPY ci/docker-entrypoint.sh /
# STAGE: envoy
FROM ${BUILD_OS}:${BUILD_TAG} AS envoy
RUN apt-get update && apt-get upgrade -y \
&& apt-get install --no-install-recommends -y ca-certificates \
&& apt-get autoremove -y && apt-get clean \
&& rm -rf /tmp/* /var/tmp/* \
&& rm -rf /var/lib/apt/lists/*
RUN mkdir -p /etc/envoy
COPY --from=binary /usr/local/bin/envoy* /usr/local/bin/
COPY --from=binary /usr/local/bin/su-exec /usr/local/bin/
COPY --from=binary /etc/envoy/envoy.yaml /etc/envoy/envoy.yaml
COPY --from=binary /docker-entrypoint.sh /
RUN adduser --group --system envoy
EXPOSE 10000
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["envoy", "-c", "/etc/envoy/envoy.yaml"]
# STAGE: envoy-distroless
# gcr.io/distroless/base-debian11:nonroot
FROM gcr.io/distroless/base-debian11@sha256:49d2923f35d66b8402487a7c01bc62a66d8279cd42e89c11b64cdce8d5826c03 AS envoy-distroless
COPY --from=binary /usr/local/bin/envoy* /usr/local/bin/
COPY --from=binary /usr/local/bin/su-exec /usr/local/bin/
COPY --from=binary /etc/envoy/envoy.yaml /etc/envoy/envoy.yaml
EXPOSE 10000
ENTRYPOINT ["/usr/local/bin/envoy"]
CMD ["-c", "/etc/envoy/envoy.yaml"]
# STAGE: envoy-google-vrp
FROM ${ENVOY_VRP_BASE_IMAGE} AS envoy-google-vrp
RUN apt-get update \
&& apt-get upgrade -y \
&& apt-get install -y libc++1 supervisor gdb strace tshark \
&& apt-get autoremove -y \
&& apt-get clean \
&& rm -rf /tmp/* /var/tmp/* \
&& rm -rf /var/lib/apt/lists/*
ADD configs/google-vrp/envoy-edge.yaml /etc/envoy/envoy-edge.yaml
ADD configs/google-vrp/envoy-origin.yaml /etc/envoy/envoy-origin.yaml
ADD configs/google-vrp/launch_envoy.sh /usr/local/bin/launch_envoy.sh
ADD configs/google-vrp/supervisor.conf /etc/supervisor.conf
ADD test/config/integration/certs/serverkey.pem /etc/envoy/certs/serverkey.pem
ADD test/config/integration/certs/servercert.pem /etc/envoy/certs/servercert.pem
# ADD %local envoy bin% /usr/local/bin/envoy
RUN chmod 777 /var/log/supervisor
RUN chmod a+r /etc/supervisor.conf /etc/envoy/* /etc/envoy/certs/*
RUN chmod a+rx /usr/local/bin/launch_envoy.sh
EXPOSE 10000
EXPOSE 10001
CMD ["supervisord", "-c", "/etc/supervisor.conf"]
# STAGE: envoy-tools
FROM ${BUILD_OS}:${BUILD_TAG} AS envoy-tools
COPY --from=binary /usr/local/bin/schema_validator_tool /usr/local/bin/
# Make envoy image as last stage so it is built by default
FROM envoy