-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathDockerfile
191 lines (166 loc) · 6 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
# Copyright 2021 The Cloud Robotics Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FROM golang:1.22 AS proto_base
LABEL stage=intermediate
WORKDIR /
# Install protoc compiler
RUN apt -qq update && apt -qq install -y unzip && \
mkdir /protoc && \
curl -LO "https://github.com/protocolbuffers/protobuf/releases/download/v3.17.3/protoc-3.17.3-linux-x86_64.zip" && \
unzip -q "protoc-3.17.3-linux-x86_64.zip" -d /protoc
# Install protoc Go plugin
RUN go install "google.golang.org/protobuf/cmd/[email protected]"
# Generates Go code from .proto files
FROM proto_base AS proto_generator
LABEL stage=intermediate
# Copy entire repository to image
COPY . /code
WORKDIR /code/src/proto
RUN bash ./proto-generate.sh
WORKDIR /code/src/go
RUN bash ./crd-generate.sh
# Installs helm by unpacking .tar.gz provided in /third_party of this project.
FROM golang:1.22 AS helm_base
LABEL stage=intermediate
# Copy entire repository to image
COPY . /code
# Installs helm to file /helm_bin/linux-amd64/helm
RUN mkdir /helm_bin && tar -xf /code/third_party/helm/helm-v2.17.0-linux-amd64.tar.gz -C /helm_bin
# Build go code into binaries
FROM helm_base AS builder
LABEL stage=intermediate
ARG SKIP_TESTS=false
WORKDIR /code
# Run all unit tests unless SKIP_TESTS is true
RUN if [ "$SKIP_TESTS" = "false" ] ; then \
echo "commencing tests..." && \
go test ./src/go/pkg/... ./src/go/cmd/... ; \
elif [ "$SKIP_TESTS" = "true" ] ; then \
echo "unit tests skipped." ; \
else \
echo "SKIP_TESTS must be either 'true' or 'false'. Your input: SKIP_TESTS='$SKIP_TESTS'." && \
exit 95 ; \
fi
# Build go executables into binaries
RUN mkdir /build && GOBIN=/build \
GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go install -mod vendor -a ./...
# Package helm charts for setup-robot
RUN mkdir /charts && /helm_bin/linux-amd64/helm init --client-only --stable-repo-url https://k8s-at-home.com/charts && \
/helm_bin/linux-amd64/helm package -u ./charts/base-robot --destination /charts
# Executable container bases
# --------------------------
FROM alpine:3.19 AS ssl_runner
# Install SSL ca certificates
RUN apk add --no-cache ca-certificates
# Create user to be used in executable containers
# Add a non-root user matching the nonroot user from the main container
RUN addgroup -g 65532 -S nonroot && adduser -u 65532 -S nonroot -G nonroot
# Set the uid as an integer for compatibility with runAsNonRoot in Kubernetes
USER 65532
FROM alpine:3.19 AS ssl_iptables_root_runner
# Install SSL ca certificates
RUN apk add --no-cache ca-certificates iptables
# Executables
# -----------------
FROM ssl_runner AS app-auth-proxy
ARG EFFECTIVE_VERSION
LABEL app=app-auth-proxy
LABEL version=${EFFECTIVE_VERSION}
WORKDIR /
COPY --from=builder /build/app-auth-proxy /app-auth-proxy
EXPOSE 8000
ENTRYPOINT [ "./app-auth-proxy" ]
FROM ssl_runner AS app-rollout-controller
ARG EFFECTIVE_VERSION
LABEL app=app-rollout-controller
LABEL version=${EFFECTIVE_VERSION}
WORKDIR /
COPY --from=builder /build/app-rollout-controller /app-rollout-controller
ENTRYPOINT [ "./app-rollout-controller" ]
FROM ssl_runner AS chart-assignment-controller
ARG EFFECTIVE_VERSION
LABEL app=chart-assignment-controller
LABEL version=${EFFECTIVE_VERSION}
WORKDIR /
# Helm used by init container
COPY --from=builder /helm_bin/linux-amd64/helm /helm
COPY --from=builder /build/chart-assignment-controller /chart-assignment-controller
ENTRYPOINT [ "./chart-assignment-controller" ]
FROM ssl_runner AS cr-syncer
ARG EFFECTIVE_VERSION
LABEL app=cr-syncer
LABEL version=${EFFECTIVE_VERSION}
WORKDIR /
COPY --from=builder /build/cr-syncer /cr-syncer
ENTRYPOINT [ "./cr-syncer" ]
FROM ssl_runner AS crd-generator
ARG EFFECTIVE_VERSION
LABEL app=crd-generator
LABEL version=${EFFECTIVE_VERSION}
WORKDIR /
COPY --from=builder /build/crd-generator /crd-generator
ENTRYPOINT [ "./crd-generator" ]
FROM ssl_runner AS http-relay-client
ARG EFFECTIVE_VERSION
LABEL app=http-relay-client
LABEL version=${EFFECTIVE_VERSION}
WORKDIR /
COPY --from=builder /build/http-relay-client /http-relay-client
ENTRYPOINT [ "./http-relay-client" ]
FROM ssl_runner AS http-relay-server
ARG EFFECTIVE_VERSION
LABEL app=http-relay-server
LABEL version=${EFFECTIVE_VERSION}
WORKDIR /
COPY --from=builder /build/http-relay-server /http-relay-server
ENTRYPOINT [ "./http-relay-server" ]
FROM ssl_runner AS logging-proxy
ARG EFFECTIVE_VERSION
LABEL app=logging-proxy
LABEL version=${EFFECTIVE_VERSION}
WORKDIR /
COPY --from=builder /build/logging-proxy /logging-proxy
ENTRYPOINT [ "./logging-proxy" ]
FROM ssl_iptables_root_runner AS metadata-server
ARG EFFECTIVE_VERSION
LABEL app=metadata-server
LABEL version=${EFFECTIVE_VERSION}
WORKDIR /
COPY --from=builder /build/metadata-server /metadata-server
ENTRYPOINT [ "./metadata-server" ]
FROM ssl_runner AS setup-robot
ARG EFFECTIVE_VERSION
LABEL app=setup-robot
LABEL version=${EFFECTIVE_VERSION}
WORKDIR /
# Helm used for templating charts
COPY --from=builder /helm_bin/linux-amd64/helm /setup-robot-files/helm
COPY --from=builder /build/synk /setup-robot-files/synk
COPY --from=builder /build/setup-robot /setup-robot
COPY --from=builder /charts/*.tgz /setup-robot-files/
ENTRYPOINT [ "./setup-robot" ]
FROM ssl_runner AS synk
ARG EFFECTIVE_VERSION
LABEL app=synk
LABEL version=${EFFECTIVE_VERSION}
WORKDIR /
COPY --from=builder /build/synk /synk
ENTRYPOINT [ "./synk" ]
FROM ssl_runner AS tenant-controller
ARG EFFECTIVE_VERSION
LABEL app=tenant-controller
LABEL version=${EFFECTIVE_VERSION}
WORKDIR /
COPY --from=builder /build/tenant-controller /tenant-controller
ENTRYPOINT [ "./tenant-controller" ]