-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathDockerfile
48 lines (37 loc) · 2.03 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# syntax=docker/dockerfile:1
# ╭──────────────────────────────────────────────────────────╮
# │ build stage │
# ╰──────────────────────────────────────────────────────────╯
FROM golang:1.23.3-alpine3.20@sha256:09742590377387b931261cbeb72ce56da1b0d750a27379f7385245b2b058b63a as build
# Install necessary packages
RUN apk update && \
apk add --no-cache git ca-certificates tzdata && \
update-ca-certificates && \
apk add --no-cache shadow
# Create appuser
RUN groupadd -g 1001 appuser \
&& useradd -u 1001 -g 1001 -m appuser
WORKDIR /app
COPY . .
# Fetch dependencies
RUN go mod download
# Build the binary
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-w -s" -a -installsuffix cgo -o /aks-audit-log-go .
# ╭──────────────────────────────────────────────────────────╮
# │ final stage │
# ╰──────────────────────────────────────────────────────────╯
FROM scratch
LABEL org.opencontainers.image.source="https://github.com/dfo-mpo/aks-audit-log-go"
LABEL org.opencontainers.image.description="Forward AKS audit logs to falco"
LABEL maintainer="[email protected]"
# Import from build
COPY --from=build /usr/share/zoneinfo /usr/share/zoneinfo
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build /etc/passwd /etc/passwd
# Copy our static executable
COPY --from=build /aks-audit-log-go /aks-audit-log-go
# Use an unprivileged user
USER appuser
# Expose port 9000
EXPOSE 9000
ENTRYPOINT ["/aks-audit-log-go"]