Update Dockerfile and build target

integr8ly · Nov 18, 2019 · 3de6d21 · 3de6d21
1 parent e24e1fe
commit 3de6d21
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 9 deletions.
diff --git a/Makefile b/Makefile
@@ -16,12 +16,8 @@ setup/moq:
 	dep ensure
 	cd vendor/github.com/matryer/moq/ && go install .
 
-.PHONY: code/compile
-code/compile:
-	@GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o=$(COMPILE_TARGET) ./cmd/manager
-
 .PHONY: image/build
-image/build: code/compile
+image/build:
 	@operator-sdk build $(REG)/$(ORG)/$(PROJECT):$(TAG)
 
 .PHONY: image/push

diff --git a/build/Dockerfile b/build/Dockerfile
@@ -1,8 +1,15 @@
-FROM centos:7
+FROM registry.access.redhat.com/ubi8/ubi:8.0
 
+ENV OPERATOR=/usr/local/bin/heimdall \
+    USER_UID=1001 \
+    USER_NAME=heimdall
 
-RUN yum update -h && yum update -y && yum install atomic -y
+# install operator binary
+COPY build/_output/bin/heimdall ${OPERATOR}
 
-#USER nobody
+COPY build/bin /usr/local/bin
+RUN  /usr/local/bin/user_setup
 
-#ADD build/_output/bin/heimdall /usr/local/bin/heimdall
+ENTRYPOINT ["/usr/local/bin/entrypoint"]
+
+USER ${USER_UID}
diff --git a/build/bin/entrypoint b/build/bin/entrypoint
@@ -0,0 +1,12 @@
+#!/bin/sh -e
+
+# This is documented here:
+# https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines
+
+if ! whoami &>/dev/null; then
+  if [ -w /etc/passwd ]; then
+    echo "${USER_NAME:-heimdall}:x:$(id -u):$(id -g):${USER_NAME:-heimdall} user:${HOME}:/sbin/nologin" >> /etc/passwd
+  fi
+fi
+
+exec ${OPERATOR} $@
diff --git a/build/bin/user_setup b/build/bin/user_setup
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -x
+
+# ensure $HOME exists and is accessible by group 0 (we don't know what the runtime UID will be)
+mkdir -p ${HOME}
+chown ${USER_UID}:0 ${HOME}
+chmod ug+rwx ${HOME}
+
+# runtime user will need to be able to self-insert in /etc/passwd
+chmod g+rw /etc/passwd
+
+# no need for this script to remain in the image after running
+rm $0