sigs.k8s.io/cluster-api@v1.7.1/cmd/clusterctl/Dockerfile

sigs.k8s.io/cluster-api@v1.7.1/cmd/clusterctl/Dockerfile (about)

     1  # syntax=docker/dockerfile:1.4
     2  
     3  # Copyright 2022 The Kubernetes Authors.
     4  #
     5  # Licensed under the Apache License, Version 2.0 (the "License");
     6  # you may not use this file except in compliance with the License.
     7  # You may obtain a copy of the License at
     8  #
     9  #     http://www.apache.org/licenses/LICENSE-2.0
    10  #
    11  # Unless required by applicable law or agreed to in writing, software
    12  # distributed under the License is distributed on an "AS IS" BASIS,
    13  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14  # See the License for the specific language governing permissions and
    15  # limitations under the License.
    16  
    17  # Build the clusterctl binary
    18  # Run this with docker build --build-arg builder_image=<golang:x.y.z>
    19  ARG builder_image
    20  
    21  # Build architecture
    22  ARG ARCH
    23  
    24  # Ignore Hadolint rule "Always tag the version of an image explicitly."
    25  # It's an invalid finding since the image is explicitly set in the Makefile.
    26  # https://github.com/hadolint/hadolint/wiki/DL3006
    27  # hadolint ignore=DL3006
    28  FROM ${builder_image} as builder
    29  WORKDIR /workspace
    30  
    31  # Run this with docker build --build-arg goproxy=$(go env GOPROXY) to override the goproxy
    32  ARG goproxy=https://proxy.golang.org
    33  # Run this with docker build --build-arg package=./cmd/clusterctl
    34  ENV GOPROXY=$goproxy
    35  
    36  # Copy the Go Modules manifests
    37  COPY go.mod go.mod
    38  COPY go.sum go.sum
    39  
    40  # Cache deps before building and copying source so that we don't need to re-download as much
    41  # and so that source changes don't invalidate our downloaded layer
    42  RUN --mount=type=cache,target=/go/pkg/mod \
    43      go mod download
    44  
    45  # Copy the sources
    46  COPY ./ ./
    47  
    48  # Cache the go build into the Go’s compiler cache folder so we take benefits of compiler caching across docker build calls
    49  RUN --mount=type=cache,target=/root/.cache/go-build \
    50      --mount=type=cache,target=/go/pkg/mod \
    51      go build ./cmd/clusterctl
    52  
    53  # Build
    54  ARG package=.
    55  ARG ARCH
    56  ARG ldflags
    57  
    58  # Do not force rebuild of up-to-date packages (do not use -a) and use the compiler cache folder
    59  RUN --mount=type=cache,target=/root/.cache/go-build \
    60      --mount=type=cache,target=/go/pkg/mod \
    61      CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} \
    62      go build -trimpath -ldflags "${ldflags} -extldflags '-static'" \
    63      -o clusterctl ${package}
    64  
    65  # Production image
    66  FROM gcr.io/distroless/static:nonroot-${ARCH}
    67  WORKDIR /
    68  COPY --from=builder /workspace/clusterctl .
    69  # Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
    70  USER 65532
    71  ENTRYPOINT ["/clusterctl"]