2020-09-16 14:05:51 +00:00
|
|
|
# Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
2020-08-09 17:04:05 +00:00
|
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
2020-12-16 18:31:54 +00:00
|
|
|
FROM golang:1.15.6 as build-env
|
2020-07-17 03:52:53 +00:00
|
|
|
|
2020-07-06 23:54:04 +00:00
|
|
|
WORKDIR /work
|
|
|
|
# Get dependencies first so they can be cached as a layer
|
2020-08-12 20:57:27 +00:00
|
|
|
COPY go.* ./
|
2020-08-24 19:30:45 +00:00
|
|
|
COPY generated/1.19/apis/go.* ./generated/1.19/apis/
|
|
|
|
COPY generated/1.19/client/go.* ./generated/1.19/client/
|
2020-07-06 23:54:04 +00:00
|
|
|
RUN go mod download
|
2020-08-12 20:57:27 +00:00
|
|
|
|
2020-07-23 15:05:21 +00:00
|
|
|
# Copy only the production source code to avoid cache misses when editing other files
|
2020-08-24 19:30:45 +00:00
|
|
|
COPY generated ./generated
|
2020-07-23 15:05:21 +00:00
|
|
|
COPY cmd ./cmd
|
2020-11-17 18:46:54 +00:00
|
|
|
COPY pkg ./pkg
|
2020-07-23 15:05:21 +00:00
|
|
|
COPY internal ./internal
|
|
|
|
COPY tools ./tools
|
|
|
|
COPY hack ./hack
|
2020-08-12 20:57:27 +00:00
|
|
|
|
2020-08-06 00:43:24 +00:00
|
|
|
# Build the executable binary (CGO_ENABLED=0 means static linking)
|
2020-09-10 02:06:39 +00:00
|
|
|
RUN mkdir out \
|
2020-10-06 18:59:03 +00:00
|
|
|
&& CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "$(hack/get-ldflags.sh)" -o out ./cmd/pinniped-concierge/... \
|
2020-10-06 00:28:19 +00:00
|
|
|
&& CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "$(hack/get-ldflags.sh)" -o out ./cmd/pinniped-supervisor/... \
|
2020-09-10 22:20:02 +00:00
|
|
|
&& CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o out ./cmd/local-user-authenticator/...
|
2020-07-06 23:54:04 +00:00
|
|
|
|
2020-08-12 20:57:27 +00:00
|
|
|
# Use a runtime image based on Debian slim
|
2020-11-03 00:17:15 +00:00
|
|
|
FROM debian:10.6-slim
|
2020-11-11 23:10:06 +00:00
|
|
|
RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*
|
2020-08-12 20:57:27 +00:00
|
|
|
|
2020-09-10 02:06:39 +00:00
|
|
|
# Copy the binaries from the build-env stage
|
2020-10-06 18:59:03 +00:00
|
|
|
COPY --from=build-env /work/out/pinniped-concierge /usr/local/bin/pinniped-concierge
|
2020-10-06 00:28:19 +00:00
|
|
|
COPY --from=build-env /work/out/pinniped-supervisor /usr/local/bin/pinniped-supervisor
|
2020-09-10 22:20:02 +00:00
|
|
|
COPY --from=build-env /work/out/local-user-authenticator /usr/local/bin/local-user-authenticator
|
2020-08-12 20:57:27 +00:00
|
|
|
|
2020-11-02 16:57:05 +00:00
|
|
|
# Document the ports
|
|
|
|
EXPOSE 8080 8443
|
|
|
|
|
|
|
|
# Run as non-root for security posture
|
|
|
|
USER 1001:1001
|
2020-08-12 20:57:27 +00:00
|
|
|
|
|
|
|
# Set the entrypoint
|
2020-10-06 18:59:03 +00:00
|
|
|
ENTRYPOINT ["/usr/local/bin/pinniped-concierge"]
|