-
Notifications
You must be signed in to change notification settings - Fork 103
/
Dockerfile.scratch
42 lines (34 loc) · 1.52 KB
/
Dockerfile.scratch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
FROM alpine:3.20 AS downloader
ARG K8S_SCHEMA_VER=master
WORKDIR /schemas
RUN set -x && \
apk add --no-cache curl && \
if [ "${K8S_SCHEMA_VER}" != "master" ]; then K8S_SCHEMA_VER="v${K8S_SCHEMA_VER}"; fi && \
BASE_URL="https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master" && \
SCHEMA_PATH="${K8S_SCHEMA_VER}-standalone-strict" && \
mkdir "${SCHEMA_PATH}" && \
curl -sSL --output-dir "${SCHEMA_PATH}" -O "${BASE_URL}/${SCHEMA_PATH}/pod-v1.json" && \
curl -sSL --output-dir "${SCHEMA_PATH}" -O "${BASE_URL}/${SCHEMA_PATH}/daemonset-apps-v1.json" && \
curl -sSL --output-dir "${SCHEMA_PATH}" -O "${BASE_URL}/${SCHEMA_PATH}/deployment-apps-v1.json" && \
curl -sSL --output-dir "${SCHEMA_PATH}" -O "${BASE_URL}/${SCHEMA_PATH}/statefulset-apps-v1.json"
FROM golang:1.23-alpine AS builder
RUN echo "kubesec:x:31012:31012:kubesec:/home/kubesec:/sbin/nologin" > /passwd && \
echo "kubesec:x:31012:" > /group
WORKDIR /kubesec
RUN apk add --no-cache git ca-certificates
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o kubesec .
# ===
FROM scratch
ARG K8S_SCHEMA_VER
ENV K8S_SCHEMA_VER=${K8S_SCHEMA_VER:-}
ENV SCHEMA_LOCATION=/schemas
WORKDIR /home/kubsec
COPY --from=builder /passwd /group /etc/
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /kubesec/kubesec /bin/kubesec
COPY --from=downloader --chown=kubesec /schemas /schemas
COPY --chown=kubesec ./templates/ /templates
USER kubesec
ENTRYPOINT ["/bin/kubesec"]
CMD ["http", "8080"]