-
Notifications
You must be signed in to change notification settings - Fork 13
/
Dockerfile
48 lines (37 loc) · 1.59 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
FROM --platform=$BUILDPLATFORM registry.access.redhat.com/ubi8/go-toolset:1.21 AS build
USER root
RUN mkdir /src /rds_ca
ADD https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem /rds_ca/aws-rds-ca-global-bundle.pem
WORKDIR /src
RUN go env -w GOCACHE=/go/.cache; \
go env -w GOMODCACHE=/go/pkg/mod
# Use the docker build cache to avoid calling 'go mod download' if go.mod/go.sum have not been changed.
# Otherwise, use cache mount to cache dependencies between builds.
# mount=type=bind is intentionally not used to ensure compatibility between docker and podman.
# See:
# - https://docs.docker.com/build/cache/
# - https://docs.docker.com/build/guide/mounts/
# - https://github.com/containers/podman/issues/15423
COPY go.* ./
RUN --mount=type=cache,target=/go/pkg/mod/ \
go mod download
COPY . ./
ARG TARGETARCH
RUN --mount=type=cache,target=/go/pkg/mod/ \
--mount=type=cache,target=/go/.cache/ \
make fleet-manager fleetshard-sync GOOS=linux GOARCH=${TARGETARCH}
FROM registry.access.redhat.com/ubi8/ubi-minimal:8.10 AS standard
RUN microdnf install shadow-utils
RUN useradd -u 1001 unprivilegeduser
# Switch to non-root user
USER unprivilegeduser
COPY --chown=unprivilegeduser --from=build /src/fleet-manager /src/fleetshard-sync /usr/local/bin/
COPY --chown=unprivilegeduser --from=build /rds_ca /usr/local/share/ca-certificates
EXPOSE 8000
WORKDIR /
ENTRYPOINT ["/usr/local/bin/fleet-manager", "serve"]
LABEL name="fleet-manager" \
vendor="Red Hat, Inc." \
version="0.0.1" \
summary="FleetManager" \
description="Red Hat Advanced Cluster Security Fleet Manager"