djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
86c3f89b2e
ContainerImage.Pinniped/Dockerfile
Ryan Richard 86c3f89b2e First draft of moving API server TLS cert generation to controllers 
- Refactors the existing cert generation code into controllers
  which read and write a Secret containing the certs
- Does not add any new functionality yet, e.g. no new handling
  for cert expiration, and no leader election to allow for
  multiple servers running simultaneously
- This commit also doesn't add new tests for the cert generation
  code, but it should be more unit testable now as controllers
2020-08-09 10:04:05 -07:00

54 lines
1.8 KiB
Docker
Raw Blame History

# Copyright 2020 VMware, Inc.
# SPDX-License-Identifier: Apache-2.0
FROM golang:1.14-alpine as build-env
# It is important that these ARG's are defined after the FROM statement
ARG ACCESS_TOKEN_USR="nothing"
ARG ACCESS_TOKEN_PWD="nothing"
# git is required to fetch go dependencies
RUN apk add --no-cache ca-certificates git bash
# Create a netrc file using the credentials specified using --build-arg
RUN printf "machine github.com\n\
login ${ACCESS_TOKEN_USR}\n\
password ${ACCESS_TOKEN_PWD}\n\
\n\
machine api.github.com\n\
login ${ACCESS_TOKEN_USR}\n\
password ${ACCESS_TOKEN_PWD}\n"\
>> /root/.netrc
RUN chmod 600 /root/.netrc
RUN mkdir /work
RUN mkdir /work/out
WORKDIR /work
# Get dependencies first so they can be cached as a layer
COPY go.mod go.sum ./
COPY pkg/client/go.mod pkg/client/go.sum ./pkg/client/
COPY kubernetes/1.19/api/go.mod kubernetes/1.19/api/go.sum ./kubernetes/1.19/api/
COPY kubernetes/1.19/client-go/go.mod kubernetes/1.19/client-go/go.sum ./kubernetes/1.19/client-go/
RUN go mod download
# Copy only the production source code to avoid cache misses when editing other files
COPY kubernetes ./kubernetes
COPY cmd ./cmd
COPY internal ./internal
COPY pkg ./pkg
COPY tools ./tools
COPY hack ./hack
# Build the executable binary (CGO_ENABLED=0 means static linking)
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "$(hack/get-ldflags.sh)" -o out ./cmd/placeholder-name-server/...
FROM alpine:latest
# Install CA certs and some tools for debugging
RUN apk --update --no-cache add ca-certificates bash curl
WORKDIR /root/
# Copy the binary from the build-env stage
COPY --from=build-env /work/out/placeholder-name-server placeholder-name-server
# Document the port
EXPOSE 443
# Set the command
CMD ["./placeholder-name-server"]
Reference in New Issue View Git Blame Copy Permalink