-
Notifications
You must be signed in to change notification settings - Fork 116
/
Copy pathDockerfile
88 lines (74 loc) · 3.28 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
# Setup defaults for build arguments
ARG PLATFORMS=linux/amd64
# Use distroless as minimal base image to package the manager binary
# Refer to https://github.com/GoogleContainerTools/distroless for more details
# This sha relates to ubi version 8.10-1132, which is tagged as 8.10 and latest as of Nov 15, 2024
ARG BASE_IMAGE=registry.access.redhat.com/ubi8/ubi@sha256
ARG BASE_IMAGE_VERSION=8990388831e1b41c9a67389e4b691dae8b1283f77d5fb7263e1f4fc69c0a9d05
# Build the manager binary
FROM golang:1.23.0 AS builder
WORKDIR /workspace
# Copy the Go Modules manifests
COPY go.mod go.mod
COPY go.sum go.sum
# Cache dependencies before building and copying source to reduce re-downloading
RUN go mod download
# Copy the go source
COPY main.go main.go
COPY api/ api/
COPY controllers/ controllers/
COPY pkg/ pkg/
COPY tools/ tools/
COPY hack hack/
# Build
# TARGETOS and TARGETARCH are provided(inferred) by buildx via the --platforms flag
RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -a -o manager main.go
# Use BASE_IMAGE as the base image
FROM ${BASE_IMAGE}:${BASE_IMAGE_VERSION}
ENV OPERATOR=/manager \
USER_UID=1001 \
USER_NAME=nonroot
# Install necessary packages and configure user
RUN if grep -q 'Ubuntu' /etc/os-release; then \
apt-get update && \
apt-get install -y --no-install-recommends passwd && \
apt-get install -y --no-install-recommends krb5-locales && \
apt-get install -y --no-install-recommends unattended-upgrades && \
useradd -ms /bin/bash nonroot -u 1001 && \
apt-get install -y --no-install-recommends ca-certificates && \
update-ca-certificates && \
unattended-upgrades -v && \
apt-get clean && rm -rf /var/lib/apt/lists/*; \
else \
yum -y install shadow-utils && \
useradd -ms /bin/bash nonroot -u 1001 && \
yum install -y ca-certificates && \
update-ca-trust && \
yum update -y krb5-libs && yum clean all && \
yum -y update-minimal --security --sec-severity=Important --sec-severity=Critical && \
yum -y update-minimal --security --sec-severity=Moderate && \
yum -y update-minimal --security --sec-severity=Low; \
fi
# Metadata
LABEL name="splunk" \
maintainer="[email protected]" \
vendor="splunk" \
version="2.7.1" \
release="1" \
summary="Simplify the Deployment & Management of Splunk Products on Kubernetes" \
description="The Splunk Operator for Kubernetes (SOK) makes it easy for Splunk Administrators to deploy and operate Enterprise deployments in a Kubernetes infrastructure. Packaged as a container, it uses the operator pattern to manage Splunk-specific custom resources, following best practices to manage all the underlying Kubernetes objects for you."
# Set up workspace
WORKDIR /
RUN mkdir /licenses && \
mkdir -p /tools/k8_probes
# Copy necessary files from the builder stage and other resources
COPY --from=builder /workspace/manager .
COPY tools/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf /licenses
COPY LICENSE /licenses/LICENSE-2.0.txt
COPY tools/k8_probes/livenessProbe.sh /tools/k8_probes/
COPY tools/k8_probes/readinessProbe.sh /tools/k8_probes/
COPY tools/k8_probes/startupProbe.sh /tools/k8_probes/
# Set the user
USER 1001
# Start the manager
ENTRYPOINT ["/manager"]