-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
61 lines (53 loc) · 2.16 KB
/
Dockerfile
File metadata and controls
61 lines (53 loc) · 2.16 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
###############################################
# Builder stage: compile operator binary
###############################################
FROM golang:1.25-alpine AS builder
ARG TARGETOS=linux
ARG TARGETARCH=amd64
ARG VERSION=dev
ARG COMMIT=unknown
WORKDIR /workspace
RUN apk add --no-cache git
ENV GOTOOLCHAIN=auto \
GOPROXY=https://proxy.golang.org,direct \
GOSUMDB=sum.golang.org \
GOMODCACHE=/go/pkg/mod \
GOCACHE=/root/.cache/go-build
# Use BuildKit cache mounts to speed up and stabilize dependency downloads and builds
COPY go.mod go.sum ./
RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build \
go mod download
COPY . .
# Build static binary (CGO disabled) for target OS/Arch
RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build \
CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH \
go build -v -trimpath -ldflags "-s -w" -o krypton-operator ./cmd/krypton-operator
###############################################
# Final stage: minimal runtime image
###############################################
FROM alpine:3.23 AS runtime
ARG VERSION=dev
ARG COMMIT=unknown
RUN apk add --no-cache ca-certificates bash busybox coreutils curl
WORKDIR /
COPY --from=builder /workspace/krypton-operator /krypton-operator
ENV PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" \
TZ=UTC \
HELM_CACHE_HOME=/.cache/helm \
HELM_CONFIG_HOME=/.config/helm \
HELM_DATA_HOME=/.local/share/helm
# Pre-create writable helm cache/config/data directories for non-root UID
# Run as root for setup, then drop privileges
USER 0
RUN mkdir -p /.cache/helm/repository /.config/helm /.local/share/helm && \
touch /.config/helm/repositories.yaml && \
chown -R 65532:65532 /.cache /.config /.local
USER 65532:65532
ENTRYPOINT ["/krypton-operator"]
CMD ["-help"]
LABEL org.opencontainers.image.title="krypton-operator-debug" \
org.opencontainers.image.source="https://github.com/openkcm/krypton-operator" \
org.opencontainers.image.revision="${COMMIT}" \
org.opencontainers.image.version="${VERSION}" \
org.opencontainers.image.licenses="Apache-2.0" \
org.opencontainers.image.description="Debug build with shell and core utilities"