From 247afdf76ea4a1ae9bc976201762d08158ea897b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miko=C5=82aj=20=C5=9Awi=C4=85tek?= Date: Fri, 18 Aug 2023 14:24:31 +0000 Subject: [PATCH] Use scratch as the base image for operator (#2014) --- .chloggen/chore_dockerfile-base-scratch.yaml | 16 ++++++++++++++++ Dockerfile | 15 +++++++++++---- 2 files changed, 27 insertions(+), 4 deletions(-) create mode 100755 .chloggen/chore_dockerfile-base-scratch.yaml diff --git a/.chloggen/chore_dockerfile-base-scratch.yaml b/.chloggen/chore_dockerfile-base-scratch.yaml new file mode 100755 index 0000000000..c9276d722b --- /dev/null +++ b/.chloggen/chore_dockerfile-base-scratch.yaml @@ -0,0 +1,16 @@ +# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix' +change_type: enhancement + +# The name of the component, or a single word describing the area of concern, (e.g. operator, target allocator, github action) +component: operator + +# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`). +note: Use scratch as the base image for operator + +# One or more tracking issues related to the change +issues: [2011] + +# (Optional) One or more lines of additional information to render under the primary note. +# These lines will be padded with 2 spaces and then inserted directly into the document. +# Use pipe (|) for multiline entries. +subtext: diff --git a/Dockerfile b/Dockerfile index d097f82cfd..4dfecd17a6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,10 @@ # Build the manager binary -FROM golang:1.21 as builder +FROM golang:1.21-alpine as builder WORKDIR /workspace + +RUN apk --no-cache add ca-certificates + # Copy the Go Modules manifests COPY go.mod go.mod COPY go.sum go.sum @@ -33,10 +36,14 @@ ARG AUTO_INSTRUMENTATION_GO_VERSION # Build RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -ldflags="-X ${VERSION_PKG}.version=${VERSION} -X ${VERSION_PKG}.buildDate=${VERSION_DATE} -X ${VERSION_PKG}.otelCol=${OTELCOL_VERSION} -X ${VERSION_PKG}.targetAllocator=${TARGETALLOCATOR_VERSION} -X ${VERSION_PKG}.operatorOpAMPBridge=${OPERATOR_OPAMP_BRIDGE_VERSION} -X ${VERSION_PKG}.autoInstrumentationJava=${AUTO_INSTRUMENTATION_JAVA_VERSION} -X ${VERSION_PKG}.autoInstrumentationNodeJS=${AUTO_INSTRUMENTATION_NODEJS_VERSION} -X ${VERSION_PKG}.autoInstrumentationPython=${AUTO_INSTRUMENTATION_PYTHON_VERSION} -X ${VERSION_PKG}.autoInstrumentationDotNet=${AUTO_INSTRUMENTATION_DOTNET_VERSION} -X ${VERSION_PKG}.autoInstrumentationGo=${AUTO_INSTRUMENTATION_GO_VERSION} -X ${VERSION_PKG}.autoInstrumentationApacheHttpd=${AUTO_INSTRUMENTATION_APACHE_HTTPD_VERSION}" -a -o manager main.go -# Use distroless as minimal base image to package the manager binary -# Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:nonroot +######## Start a new stage from scratch ####### +FROM scratch + WORKDIR / + +# Copy the certs from the builder +COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt + COPY --from=builder /workspace/manager . USER 65532:65532