41 lines
1.3 KiB
Docker
41 lines
1.3 KiB
Docker
# syntax=docker/dockerfile:1.4
|
|
|
|
|
|
# Build the manager binary
|
|
ARG builder_image
|
|
|
|
# Ignore Hadolint rule "Always tag the version of an image explicitly."
|
|
# It's an invalid finding since the image is explicitly set in the Makefile.
|
|
# https://github.com/hadolint/hadolint/wiki/DL3006
|
|
# hadolint ignore=DL3006
|
|
FROM --platform=$BUILDPLATFORM ${builder_image} as builder
|
|
WORKDIR /workspace
|
|
|
|
# Run this with docker build --build-arg goproxy=$(go env GOPROXY) to override the goproxy
|
|
ARG goproxy=https://proxy.golang.org
|
|
# Run this with docker build --build-arg package=./controlplane or --build-arg package=./bootstrap
|
|
ENV GOPROXY=$goproxy
|
|
|
|
# Copy the sources
|
|
COPY ./ ./
|
|
|
|
# Build
|
|
ARG package=.
|
|
ARG ldflags
|
|
ARG TARGETOS TARGETARCH
|
|
|
|
# Do not force rebuild of up-to-date packages (do not use -a) and use the compiler cache folder
|
|
RUN --mount=type=cache,target=/go/pkg/mod \
|
|
CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH \
|
|
go build -trimpath -ldflags "${ldflags} -extldflags '-static'" \
|
|
-o manager ${package}
|
|
|
|
# Production image
|
|
FROM gcr.io/distroless/static:nonroot
|
|
LABEL org.opencontainers.image.source=https://github.com/rancher/cluster-api-provider-rke2
|
|
WORKDIR /
|
|
COPY --from=builder /workspace/manager .
|
|
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
|
|
USER 65532
|
|
ENTRYPOINT ["/manager"]
|