From 1f454afbd7375f4ff691f3f65a4acf043a00d797 Mon Sep 17 00:00:00 2001 From: Frederic Branczyk Date: Thu, 28 Jun 2018 13:24:49 +0200 Subject: [PATCH 1/6] Rebase container image on openshift/origin-base --- Dockerfile | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1f5f815b3..fe17f3571 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,22 @@ -FROM golang:1.10-alpine AS build -RUN apk add --update make -WORKDIR /go/src/github.com/brancz/kube-rbac-proxy -COPY . . -RUN make build - -FROM alpine:3.7 -COPY --from=build /go/src/github.com/brancz/kube-rbac-proxy/_output/linux/amd64/kube-rbac-proxy . -ENTRYPOINT ["./kube-rbac-proxy"] +FROM openshift/origin-base + +ENV GOPATH /go +RUN mkdir $GOPATH + +COPY . $GOPATH/src/github.com/brancz/kube-rbac-proxy + +RUN yum install -y golang make && \ + cd $GOPATH/src/github.com/brancz/kube-rbac-proxy && \ + make build && cp $GOPATH/src/github.com/brancz/kube-rbac-proxy/_output/linux/amd64/kube-rbac-proxy /usr/bin/ && \ + yum erase -y golang make && yum clean all + +LABEL io.k8s.display-name="kube-rbac-proxy" \ + io.k8s.description="This is a proxy, that can perform Kubernetes RBAC authorization." \ + io.openshift.tags="kubernetes" \ + maintainer="Frederic Branczyk " + +# doesn't require a root user. +USER 1001 + +ENTRYPOINT ["/usr/bin/kube-rbac-proxy"] EXPOSE 8080 From 23ac0b832cf3e8c3de5d7596ad30c52851b7e6a7 Mon Sep 17 00:00:00 2001 From: Paul Gier Date: Thu, 8 Nov 2018 09:09:26 -0600 Subject: [PATCH 2/6] add owners file for openshift CI management --- OWNERS | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 OWNERS diff --git a/OWNERS b/OWNERS new file mode 100644 index 000000000..d566dff12 --- /dev/null +++ b/OWNERS @@ -0,0 +1,15 @@ +reviewers: +- brancz +- mxinden +- elad661 +- ironcladlou +- squat +- s-urbaniak + +approvers: +- brancz +- mxinden +- elad661 +- ironcladlou +- squat +- s-urbaniak From c81a32ec4ef12c9a4d9c51c8f17199b98a89d592 Mon Sep 17 00:00:00 2001 From: Frederic Branczyk Date: Thu, 28 Jun 2018 13:24:49 +0200 Subject: [PATCH 3/6] Rebase container image on openshift/origin-base --- Dockerfile | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5ac33974f..8a8dbd858 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,11 +1,22 @@ -FROM golang:1.11-alpine AS build -RUN apk add --update make -WORKDIR /go/src/github.com/brancz/kube-rbac-proxy -COPY . . -RUN make build - -FROM alpine:3.8 -RUN apk add -U --no-cache ca-certificates && rm -rf /var/cache/apk/* -COPY --from=build /go/src/github.com/brancz/kube-rbac-proxy/_output/linux/$(go env GOARCH)/kube-rbac-proxy . -ENTRYPOINT ["./kube-rbac-proxy"] +FROM openshift/origin-base + +ENV GOPATH /go +RUN mkdir $GOPATH + +COPY . $GOPATH/src/github.com/brancz/kube-rbac-proxy + +RUN yum install -y golang make && \ + cd $GOPATH/src/github.com/brancz/kube-rbac-proxy && \ + make build && cp $GOPATH/src/github.com/brancz/kube-rbac-proxy/_output/linux/$(go env GOARCH)/kube-rbac-proxy /usr/bin/ && \ + yum erase -y golang make && yum clean all + +LABEL io.k8s.display-name="kube-rbac-proxy" \ + io.k8s.description="This is a proxy, that can perform Kubernetes RBAC authorization." \ + io.openshift.tags="kubernetes" \ + maintainer="Frederic Branczyk " + +# doesn't require a root user. +USER 1001 + +ENTRYPOINT ["/usr/bin/kube-rbac-proxy"] EXPOSE 8080 From bf4c9e95c2c4ba8c00ecafc9b7c4a01b413c08f4 Mon Sep 17 00:00:00 2001 From: Paul Gier Date: Thu, 8 Nov 2018 09:09:26 -0600 Subject: [PATCH 4/6] add owners file for openshift CI management --- OWNERS | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 OWNERS diff --git a/OWNERS b/OWNERS new file mode 100644 index 000000000..d566dff12 --- /dev/null +++ b/OWNERS @@ -0,0 +1,15 @@ +reviewers: +- brancz +- mxinden +- elad661 +- ironcladlou +- squat +- s-urbaniak + +approvers: +- brancz +- mxinden +- elad661 +- ironcladlou +- squat +- s-urbaniak From 395948705fa4808175baad0f65874ab8526e385c Mon Sep 17 00:00:00 2001 From: Paul Gier Date: Fri, 7 Dec 2018 09:55:25 -0600 Subject: [PATCH 5/6] Dockerfile: remove unnecessary rpm dependencies --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8a8dbd858..34f091224 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,7 +8,7 @@ COPY . $GOPATH/src/github.com/brancz/kube-rbac-proxy RUN yum install -y golang make && \ cd $GOPATH/src/github.com/brancz/kube-rbac-proxy && \ make build && cp $GOPATH/src/github.com/brancz/kube-rbac-proxy/_output/linux/$(go env GOARCH)/kube-rbac-proxy /usr/bin/ && \ - yum erase -y golang make && yum clean all + yum autoremove -y golang make && yum clean all LABEL io.k8s.display-name="kube-rbac-proxy" \ io.k8s.description="This is a proxy, that can perform Kubernetes RBAC authorization." \ From bbc898cad34ca353ebc500d5e69785c4e721355f Mon Sep 17 00:00:00 2001 From: Paul Gier Date: Mon, 17 Dec 2018 16:14:14 -0600 Subject: [PATCH 6/6] update Dockerfile to use multi-stage build --- Dockerfile | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/Dockerfile b/Dockerfile index 34f091224..a32d3ff31 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,22 +1,18 @@ -FROM openshift/origin-base - -ENV GOPATH /go -RUN mkdir $GOPATH - -COPY . $GOPATH/src/github.com/brancz/kube-rbac-proxy - -RUN yum install -y golang make && \ - cd $GOPATH/src/github.com/brancz/kube-rbac-proxy && \ - make build && cp $GOPATH/src/github.com/brancz/kube-rbac-proxy/_output/linux/$(go env GOARCH)/kube-rbac-proxy /usr/bin/ && \ - yum autoremove -y golang make && yum clean all +FROM registry.svc.ci.openshift.org/openshift/release:golang-1.10 AS builder +WORKDIR /go/src/github.com/brancz/kube-rbac-proxy +COPY . . +RUN make build && \ + cp _output/linux/$(go env GOARCH)/kube-rbac-proxy _output/kube-rbac-proxy +FROM registry.svc.ci.openshift.org/openshift/origin-v4.0:base LABEL io.k8s.display-name="kube-rbac-proxy" \ io.k8s.description="This is a proxy, that can perform Kubernetes RBAC authorization." \ io.openshift.tags="kubernetes" \ maintainer="Frederic Branczyk " -# doesn't require a root user. -USER 1001 +ARG FROM_DIRECTORY=/go/src/github.com/brancz/kube-rbac-proxy +COPY --from=builder ${FROM_DIRECTORY}/_output/kube-rbac-proxy /usr/bin/kube-rbac-proxy -ENTRYPOINT ["/usr/bin/kube-rbac-proxy"] +USER nobody EXPOSE 8080 +ENTRYPOINT ["/usr/bin/kube-rbac-proxy"]