fluxcd
/
source-controller
mirror of https://github.com/fluxcd/source-controller.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use Debian instead of Alpine in container image 

This commit changes the base image for the build and controller
container images to Debian slim.

Reason for this is that it has proven to be hard to produce working
executables for AMD64, ARM64 and ARMv7 at all times using Alpine,
due to them being dynamically linked and compiled using CGO, and
Alpine having constraints like musl that create an extra barrier,
especially in combination with our exotic set of dependency
constraints.

There are a number of trade-offs we have to live with by doing this,
not limited to:

* An increased build time, the full release pipeline used to take 25-35
  minutes, based on the images we have build for testing purposes this
  seems to have become 35-40 minutes.
* An increased image size of roughly two times the (compressed) size of
  the Alpine based image.

Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit is contained in:
Hidde Beydals 2021-06-16 11:35:26 +02:00
parent 44dd9d7e28
commit 7e6b88e91c
1 changed files with 25 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
Dockerfile
View File

@ -1,7 +1,15 @@
# Docker buildkit multi-arch build requires golang alpine FROM golang:1.16-buster as builder
FROM golang:1.16-alpine as builder
RUN apk add --no-cache gcc pkgconfig libc-dev binutils-gold musl~=1.2 libgit2-dev~=1.1 # Up-to-date libgit2 dependencies are only available in
# >=bullseye (testing).
RUN echo "deb http://deb.debian.org/debian testing main" >> /etc/apt/sources.list \
&& echo "deb-src http://deb.debian.org/debian testing main" >> /etc/apt/sources.list
RUN set -eux; \
apt-get update \
&& apt-get install -y libgit2-dev/testing zlib1g-dev/testing libssh2-1-dev/testing libpcre3-dev/testing \
&& apt-get clean \
&& apt-get autoremove --purge -y \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /workspace WORKDIR /workspace
@ -24,21 +32,26 @@ COPY internal/ internal/
# build without specifing the arch # build without specifing the arch
RUN CGO_ENABLED=1 go build -o source-controller main.go RUN CGO_ENABLED=1 go build -o source-controller main.go
FROM alpine:3.13 FROM debian:buster-slim as controller
# link repo to the GitHub Container Registry image # link repo to the GitHub Container Registry image
LABEL org.opencontainers.image.source="https://github.com/fluxcd/source-controller" LABEL org.opencontainers.image.source="https://github.com/fluxcd/source-controller"
RUN apk add --no-cache ca-certificates tini libgit2~=1.1 musl~=1.2 # Up-to-date libgit2 dependencies are only available in
# >=bullseye (testing).
RUN echo "deb http://deb.debian.org/debian testing main" >> /etc/apt/sources.list \
&& echo "deb-src http://deb.debian.org/debian testing main" >> /etc/apt/sources.list
RUN set -eux; \
apt-get update \
&& apt-get install -y ca-certificates libgit2-1.1 \
&& apt-get clean \
&& apt-get autoremove --purge -y \
&& rm -rf /var/lib/apt/lists/*
COPY --from=builder /workspace/source-controller /usr/local/bin/ COPY --from=builder /workspace/source-controller /usr/local/bin/
# Create minimal nsswitch.conf file to prioritize the usage of /etc/hosts over DNS queries. RUN groupadd controller && \
# https://github.com/gliderlabs/docker-alpine/issues/367#issuecomment-354316460 useradd --gid controller --shell /bin/sh --create-home controller
RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf
RUN addgroup -S controller && adduser -S controller -G controller
USER controller USER controller
ENTRYPOINT ["source-controller"]
ENTRYPOINT [ "/sbin/tini", "--", "source-controller" ]