FROM ubuntu:xenial
# Do not add more stuff to this list that isn't small or critically useful.
# If you occasionally need something on the container do
# sudo /usr/local/bin/proxy-redirection-clear
# sudo apt-get update && apt-get whichever
# sudo /usr/local/bin/proxy-redirection-restore
RUN apt-get update && \
    apt-get install --no-install-recommends -y \
      curl \
      iptables \
      iproute2 \
      iputils-ping \
      dnsutils \
      netcat \
      tcpdump \
      net-tools \
      libc6-dbg gdb \
      elvis-tiny \
      lsof \
      busybox \
      sudo && \
    rm -rf /var/lib/apt/lists/*

# Deprecated: use "/usr/local/bin/istio-iptables.sh clear"
ADD proxy-redirection-clear /usr/local/bin/proxy-redirection-clear
ADD proxy-redirection-restore /usr/local/bin/proxy-redirection-restore
ADD istio-iptables.sh /usr/local/bin/istio-iptables.sh
ADD istio-start.sh /usr/local/bin/istio-start.sh
ADD envoy.json /var/lib/istio/envoy/envoy.json
ADD envoy /usr/local/bin/envoy

# Sudoers used to allow tcpdump and other debug utilities.
RUN useradd -m --uid 1337 istio-proxy && \
    echo "istio-proxy ALL=NOPASSWD: ALL" >> /etc/sudoers && \
    chown -R istio-proxy /var/lib/istio

ENTRYPOINT /usr/local/bin/istio-start.sh