Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhancing dockerfiles (multi-stage) of kyverno components and adding non-root user to the docker images #1495

Merged
merged 7 commits into from Jan 29, 2021
Merged

Enhancing dockerfiles (multi-stage) of kyverno components and adding non-root user to the docker images #1495

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
3861db1
Dockerfile refactored
imrajdas Jan 24, 2021
b04bfe2
Adding non-root commands to docker images and enhanced the dockerfiles
imrajdas Jan 24, 2021
233b8d0
changing base image to scratch
imrajdas Jan 24, 2021
4de5cb9
Minor typo fix
imrajdas Jan 24, 2021
ca77228
changing dockerfiles to use /etc/passwd to use non-root user'
imrajdas Jan 28, 2021
8285591
minor typo
imrajdas Jan 28, 2021
03605ab
minor typo
imrajdas Jan 29, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
11 changes: 3 additions & 8 deletions Makefile
View file
Open in desktop
Expand Up @@ -36,9 +36,7 @@ initContainer: fmt vet
docker-publish-initContainer: docker-build-initContainer docker-tag-repo-initContainer docker-push-initContainer

docker-build-initContainer:
CGO_ENABLED=0 GOOS=linux go build -o $(PWD)/$(INITC_PATH)/kyvernopre -ldflags=$(LD_FLAGS) $(PWD)/$(INITC_PATH)/main.go
echo $(PWD)/$(INITC_PATH)/
@docker build -f $(PWD)/$(INITC_PATH)/Dockerfile -t $(REPO)/$(INITC_IMAGE):$(IMAGE_TAG) $(PWD)/$(INITC_PATH)/
@docker build -f $(PWD)/$(INITC_PATH)/Dockerfile -t $(REPO)/$(INITC_IMAGE):$(IMAGE_TAG) . --build-arg LD_FLAGS=$(LD_FLAGS)

docker-tag-repo-initContainer:
@docker tag $(REPO)/$(INITC_IMAGE):$(IMAGE_TAG) $(REPO)/$(INITC_IMAGE):latest
Expand All @@ -64,8 +62,7 @@ kyverno: fmt vet
docker-publish-kyverno: docker-build-kyverno docker-tag-repo-kyverno docker-push-kyverno

docker-build-kyverno:
CGO_ENABLED=0 GOOS=linux go build -o $(PWD)/$(KYVERNO_PATH)/kyverno -ldflags=$(LD_FLAGS) $(PWD)/$(KYVERNO_PATH)/main.go
@docker build -f $(PWD)/$(KYVERNO_PATH)/Dockerfile -t $(REPO)/$(KYVERNO_IMAGE):$(IMAGE_TAG) $(PWD)/$(KYVERNO_PATH)
@docker build -f $(PWD)/$(KYVERNO_PATH)/Dockerfile -t $(REPO)/$(KYVERNO_IMAGE):$(IMAGE_TAG) . --build-arg LD_FLAGS=$(LD_FLAGS)

docker-tag-repo-kyverno:
@echo "docker tag $(REPO)/$(KYVERNO_IMAGE):$(IMAGE_TAG) $(REPO)/$(KYVERNO_IMAGE):latest"
Expand Down Expand Up @@ -97,8 +94,7 @@ cli:
docker-publish-cli: docker-build-cli docker-tag-repo-cli docker-push-cli

docker-build-cli:
CGO_ENABLED=0 GOOS=linux go build -o $(PWD)/$(CLI_PATH)/kyverno -ldflags=$(LD_FLAGS) $(PWD)/$(CLI_PATH)/main.go
@docker build -f $(PWD)/$(CLI_PATH)/Dockerfile -t $(REPO)/$(KYVERNO_CLI_IMAGE):$(IMAGE_TAG) $(PWD)/$(CLI_PATH)
@docker build -f $(PWD)/$(CLI_PATH)/Dockerfile -t $(REPO)/$(CLI_PATH):$(IMAGE_TAG) . --build-arg LD_FLAGS=$(LD_FLAGS)

docker-tag-repo-cli:
@echo "docker tag $(REPO)/$(KYVERNO_CLI_IMAGE):$(IMAGE_TAG) $(REPO)/$(KYVERNO_CLI_IMAGE):latest"
Expand Down Expand Up @@ -212,4 +208,3 @@ fmt:

vet:
go vet ./...

28 changes: 26 additions & 2 deletions cmd/cli/kubectl-kyverno/Dockerfile
View file
Open in desktop
@@ -1,3 +1,27 @@
# Multi-stage docker build
# Build stage
FROM golang:1.14 AS builder

LABEL maintainer="Kyverno"

# LD_FLAGS is passed as argument from Makefile. It will be empty, if no argument passed
ARG LD_FLAGS

ADD . /kyverno
WORKDIR /kyverno

RUN CGO_ENABLED=0 GOOS=linux go build -o /output/kyverno -ldflags="${LD_FLAGS}" -v ./cmd/cli/kubectl-kyverno/

RUN useradd -u 10001 kyverno

# Packaging stage
FROM scratch
ADD kyverno /kyverno
ENTRYPOINT ["/kyverno"]

LABEL maintainer="Kyverno"

COPY --from=builder /output/kyverno /
COPY --from=builder /etc/passwd /etc/passwd

USER kyverno

ENTRYPOINT ["./kyverno"]
28 changes: 26 additions & 2 deletions cmd/initContainer/Dockerfile
View file
Open in desktop
@@ -1,3 +1,27 @@
# Multi-stage docker build
# Build stage
FROM golang:1.14 AS builder

LABEL maintainer="Kyverno"

# LD_FLAGS is passed as argument from Makefile. It will be empty, if no argument passed
ARG LD_FLAGS

ADD . /kyverno
WORKDIR /kyverno

RUN CGO_ENABLED=0 GOOS=linux go build -o /output/kyvernopre -ldflags="${LD_FLAGS}" -v ./cmd/initContainer/

RUN useradd -u 10001 kyverno

# Packaging stage
FROM scratch
ADD kyvernopre /kyvernopre
ENTRYPOINT ["/kyvernopre"]

LABEL maintainer="Kyverno"

COPY --from=builder /output/kyvernopre /
COPY --from=builder /etc/passwd /etc/passwd

USER kyverno

ENTRYPOINT ["./kyvernopre"]
28 changes: 26 additions & 2 deletions cmd/kyverno/Dockerfile
View file
Open in desktop
@@ -1,3 +1,27 @@
# Multi-stage docker build
# Build stage
FROM golang:1.14 AS builder

LABEL maintainer="Kyverno"

# LD_FLAGS is passed as argument from Makefile. It will be empty, if no argument passed
ARG LD_FLAGS

ADD . /kyverno
WORKDIR /kyverno

RUN CGO_ENABLED=0 GOOS=linux go build -o /output/kyverno -ldflags="${LD_FLAGS}" -v ./cmd/kyverno/

RUN useradd -u 10001 kyverno

# Packaging stage
FROM scratch
ADD kyverno /kyverno
ENTRYPOINT ["/kyverno"]

LABEL maintainer="Kyverno"

COPY --from=builder /output/kyverno /
COPY --from=builder /etc/passwd /etc/passwd

USER kyverno

ENTRYPOINT ["./kyverno"]