github.com/telepresenceio/telepresence/v2@v2.20.0-pro.6.0.20240517030216-236ea954e789/build-aux/docker/images/Dockerfile.traffic

github.com/telepresenceio/telepresence/v2@v2.20.0-pro.6.0.20240517030216-236ea954e789/build-aux/docker/images/Dockerfile.traffic (about)

     1  # syntax = docker/dockerfile:1.3
     2  
     3  # Copyright 2020-2022 Datawire. All rights reserved.
     4  #
     5  # Licensed under the Apache License, Version 2.0 (the "License");
     6  # you may not use this file except in compliance with the License.
     7  # You may obtain a copy of the License at
     8  #
     9  #     http://www.apache.org/licenses/LICENSE-2.0
    10  #
    11  # Unless required by applicable law or agreed to in writing, software
    12  # distributed under the License is distributed on an "AS IS" BASIS,
    13  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14  # See the License for the specific language governing permissions and
    15  # limitations under the License.
    16  
    17  FROM --platform=$BUILDPLATFORM golang:alpine as tel2-build
    18  
    19  RUN apk add --no-cache gcc musl-dev fuse-dev libcap binutils-gold
    20  
    21  WORKDIR telepresence
    22  COPY go.mod go.sum .
    23  COPY cmd/ cmd/
    24  COPY pkg/ pkg/
    25  COPY rpc/ rpc/
    26  COPY charts/ charts/
    27  COPY build-output/version.txt .
    28  
    29  ARG TARGETOS
    30  ARG TARGETARCH
    31  
    32  RUN \
    33      --mount=type=cache,target=/root/.cache/go-build \
    34      --mount=type=cache,target=/go/pkg/mod \
    35      GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o /usr/local/bin/ -trimpath -ldflags=-X=$(go list ./pkg/version).Version=$(cat version.txt) ./cmd/traffic/...
    36  
    37  # setcap is necessary because the process will listen to privileged ports
    38  RUN setcap 'cap_net_bind_service+ep' /usr/local/bin/traffic
    39  
    40  # The tel2 target is the one that gets published. It aims to be a small as possible.
    41  FROM alpine as tel2
    42  
    43  # some cluster providers don't support nftables, so we gotta use iptables-legacy
    44  # This ticket contains some good info: https://github.com/tailscale/tailscale/issues/10540
    45  RUN apk add --no-cache ca-certificates iptables iptables-legacy
    46  RUN rm /sbin/iptables && ln -s /sbin/iptables-legacy /sbin/iptables
    47  RUN rm /sbin/ip6tables && ln -s /sbin/ip6tables-legacy /sbin/ip6tables
    48  
    49  # the traffic binary
    50  COPY --from=tel2-build /usr/local/bin/traffic /usr/local/bin
    51  
    52  RUN \
    53    mkdir /tel_app_mounts && \
    54    chgrp -R 0 /tel_app_mounts && \
    55    chmod -R g=u /tel_app_mounts && \
    56    mkdir -p /home/telepresence && \
    57    chgrp -R 0 /home/telepresence && \
    58    chmod -R g=u /home/telepresence && \
    59    chmod 0777 /home/telepresence
    60  
    61  ENTRYPOINT ["traffic"]
    62  CMD []