forked from kyma-incubator/reconciler
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile.cr
51 lines (37 loc) · 1.58 KB
/
Dockerfile.cr
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
# Istioctl source images
FROM eu.gcr.io/kyma-project/external/istio/istioctl:1.14.4 AS istio-1_14_4
FROM eu.gcr.io/kyma-project/external/istio/istioctl:1.15.3 AS istio-1_15_3
FROM eu.gcr.io/kyma-project/external/istio/istioctl:1.16.1 AS istio-1_16_1
# Build image
FROM golang:1.19.3-alpine3.16 AS build
ENV SRC_DIR=/go/src/github.com/kyma-incubator/reconciler
COPY . $SRC_DIR
RUN mkdir /user && \
echo 'appuser:x:2000:2000:appuser:/:' > /user/passwd && \
echo 'appuser:x:2000:' > /user/group
WORKDIR $SRC_DIR
RUN go mod download
COPY configs /configs
RUN CGO_ENABLED=0 go build -o /bin/reconciler -ldflags '-s -w' ./cmd/reconciler/main.go
# Get latest CA certs
# hadolint ignore=DL3007
FROM alpine:latest as certs
RUN apk add --no-cache ca-certificates
# Final image
FROM scratch
LABEL [email protected]:kyma-incubator/reconciler.git
# Add SSL certificates
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
# Add system users
COPY --from=build /user/group /user/passwd /etc/
# Add reconciler
COPY --from=build /bin/reconciler /bin/reconciler
COPY --from=build /configs/ /configs/
# Add istioctl tools
COPY --from=istio-1_14_4 /usr/local/bin/istioctl /bin/istioctl-1.14.4
COPY --from=istio-1_15_3 /usr/local/bin/istioctl /bin/istioctl-1.15.3
COPY --from=istio-1_16_1 /usr/local/bin/istioctl /bin/istioctl-1.16.1
# For multiple istioctl binaries, provide their paths separated with a semicolon (;) like in the Linux PATH variable.
ENV ISTIOCTL_PATH=/bin/istioctl-1.14.4;/bin/istioctl-1.15.3;/bin/istioctl-1.16.1
USER appuser:appuser
CMD ["/bin/reconciler"]