-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathDockerfile-alpine
46 lines (28 loc) · 1.35 KB
/
Dockerfile-alpine
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
FROM golang:1.23.4-alpine3.19@sha256:5f3336882ad15d10ac1b59fbaba7cb84c35d4623774198b36ae60edeba45fd84 AS builder
# Can be removed once testing done from go rather than bash
# gcc and libc-dev needed for go vet
RUN apk add --no-cache bash diffutils gcc libc-dev git jq openssl
WORKDIR /src/github.com/RichardoC/kube-audit-rest
COPY ./go.mod ./go.sum ./
RUN go mod download
COPY . .
RUN go vet ./...
# Do simple local testing
RUN ./testing/locally/local-testing.sh
# CGO_ENABLED forces a static binary
RUN CGO_ENABLED=0 GOOS=linux go build -o kube-audit-rest ./cmd/kube-audit-rest/main.go
FROM alpine:3.21.2@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
LABEL org.opencontainers.image.source="https://github.com/RichardoC/kube-audit-rest"
LABEL org.opencontainers.image.description="Kubernetes audit logging, when you don't control the control plane"
LABEL org.opencontainers.image.licenses="Apache-2.0"
LABEL org.opencontainers.image.documentation="https://github.com/RichardoC/kube-audit-rest"
LABEL org.opencontainers.image.title="kube-audit-rest"
# Application port
EXPOSE 9090
# Metrics port
EXPOSE 55555
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /src/github.com/RichardoC/kube-audit-rest/kube-audit-rest /kube-audit-rest
USER 255999
ENTRYPOINT ["/bin/sh", "-c"]
CMD ["/kube-audit-rest"]