github.com/m3db/m3@v1.5.0/docker/m3dbnode/Dockerfile-setcap

github.com/m3db/m3@v1.5.0/docker/m3dbnode/Dockerfile-setcap (about)

     1  # stage 1: build
     2  FROM golang:1.16.5-alpine3.13 AS builder
     3  LABEL maintainer="The M3DB Authors <m3db@googlegroups.com>"
     4  
     5  # Install deps
     6  RUN apk add --update git make bash
     7  
     8  # Add source code
     9  RUN mkdir -p /go/src/github.com/m3db/m3
    10  ADD . /go/src/github.com/m3db/m3
    11  
    12  # Build m3dbnode binary
    13  RUN cd /go/src/github.com/m3db/m3/ && \
    14      git submodule update --init      && \
    15      make m3dbnode-linux-amd64
    16  
    17  # Stage 2: lightweight "release"
    18  FROM alpine:3.11
    19  LABEL maintainer="The M3DB Authors <m3db@googlegroups.com>"
    20  
    21  ENV GODEBUG madvdontneed=1
    22  
    23  EXPOSE 2379/tcp 2380/tcp 7201/tcp 7203/tcp 9000-9004/tcp
    24  
    25  COPY --from=builder /go/src/github.com/m3db/m3/src/dbnode/config/m3dbnode-local-etcd.yml /etc/m3dbnode/m3dbnode.yml
    26  COPY --from=builder /go/src/github.com/m3db/m3/bin/m3dbnode \
    27    /go/src/github.com/m3db/m3/scripts/m3dbnode_bootstrapped.sh \
    28    /bin/
    29  
    30  # Use setcap to set +e "effective" and +p "permitted" to adjust the SYS_RESOURCE
    31  # so the process can raise the hard file limit with setrlimit.
    32  # Also provide timezone data to allow TZ environment variable to be set
    33  # for parsing relative times such as "9am" correctly and respect
    34  # the TZ environment variable.
    35  RUN apk add --no-cache tzdata curl jq libcap && \
    36    setcap cap_sys_resource=+ep /bin/m3dbnode
    37  
    38  ENV GODEBUG madvdontneed=1
    39  
    40  ENTRYPOINT [ "/bin/m3dbnode" ]
    41  CMD [ "-f", "/etc/m3dbnode/m3dbnode.yml" ]