forked from kyma-incubator/reconciler
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile.cr
49 lines (35 loc) · 1.45 KB
/
Dockerfile.cr
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
# Istioctl source images
FROM europe-docker.pkg.dev/kyma-project/prod/external/istio/istioctl:1.17.3 AS istio-1_17_3
FROM europe-docker.pkg.dev/kyma-project/prod/external/istio/istioctl:1.18.0 AS istio-1_18_0
# Build image
FROM golang:1.20.5-alpine3.17 AS build
ENV SRC_DIR=/go/src/github.com/kyma-incubator/reconciler
COPY . $SRC_DIR
RUN mkdir /user && \
echo 'appuser:x:2000:2000:appuser:/:' > /user/passwd && \
echo 'appuser:x:2000:' > /user/group
WORKDIR $SRC_DIR
RUN go mod download
COPY configs /configs
RUN CGO_ENABLED=0 go build -o /bin/reconciler -ldflags '-s -w' ./cmd/reconciler/main.go
# Get latest CA certs
# hadolint ignore=DL3007
FROM alpine:latest as certs
RUN apk add --no-cache ca-certificates
# Final image
FROM scratch
LABEL [email protected]:kyma-incubator/reconciler.git
# Add SSL certificates
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
# Add system users
COPY --from=build /user/group /user/passwd /etc/
# Add reconciler
COPY --from=build /bin/reconciler /bin/reconciler
COPY --from=build /configs/ /configs/
# Add istioctl tools
COPY --from=istio-1_17_3 /usr/local/bin/istioctl /bin/istioctl-1.17.3
COPY --from=istio-1_18_0 /usr/local/bin/istioctl /bin/istioctl-1.18.0
# For multiple istioctl binaries, provide their paths separated with a semicolon (;) like in the Linux PATH variable.
ENV ISTIOCTL_PATH=/bin/istioctl-1.17.3;/bin/istioctl-1.18.0
USER appuser:appuser
CMD ["/bin/reconciler"]