|
1 | | -############################################################################## |
2 | | -# Build Orchestrator |
3 | | -############################################################################### |
| 1 | +# Docker image for orchestrator |
| 2 | +# The base image is pinned to the debug-nonroot tag |
| 3 | +FROM gcr.io/distroless/base-debian11@sha256:6894e9a1136595d0ef17499caee73e75be4f39fa0d30f588d91277ddb051a44a |
| 4 | +SHELL ["/busybox/sh", "-c"] |
4 | 5 |
|
5 | | -FROM golang:1.14.10-alpine3.12 as builder-orc |
| 6 | +# switch to root for installing software |
| 7 | +USER root |
6 | 8 |
|
7 | 9 | RUN set -ex \ |
8 | | - && apk add --no-cache \ |
9 | | - bash gcc git musl-dev openssl rsync perl-utils |
| 10 | + && mkdir -p /usr/local/bin \ |
| 11 | + && export DOCKERIZE_VERSION=0.6.1 \ |
| 12 | + && wget https://github.com/jwilder/dockerize/releases/download/v${DOCKERIZE_VERSION}/dockerize-linux-amd64-v${DOCKERIZE_VERSION}.tar.gz -O- | \ |
| 13 | + tar -C /usr/local/bin -xzv |
10 | 14 |
|
11 | | -ARG ORCHESTRATOR_VERSION=v3.2.3 |
12 | | -ARG ORCHESTRATOR_REPO=https://github.com/openark/orchestrator.git |
13 | 15 | RUN set -ex \ |
14 | | - && mkdir -p $GOPATH/src/github.com/openark/orchestrator \ |
15 | | - && cd $GOPATH/src/github.com/openark/orchestrator \ |
16 | | - && git init && git remote add origin $ORCHESTRATOR_REPO \ |
17 | | - && git fetch --tags \ |
18 | | - && git checkout $ORCHESTRATOR_VERSION |
19 | | - |
20 | | -WORKDIR $GOPATH/src/github.com/openark/orchestrator |
21 | | - |
22 | | -RUN set -ex && ./build.sh -b -P |
23 | | - |
24 | | - |
25 | | -############################################################################### |
26 | | -# Docker image for orchestrator |
27 | | -############################################################################### |
| 16 | + && export ORCHESTRATOR_VERSION=3.2.3 \ |
| 17 | + && wget https://github.com/openark/orchestrator/releases/download/v${ORCHESTRATOR_VERSION}/orchestrator-${ORCHESTRATOR_VERSION}-linux-amd64.tar.gz -O- | \ |
| 18 | + tar -C / -xzv |
28 | 19 |
|
29 | | -FROM alpine:3.12 |
30 | | - |
31 | | -# Create a group and user |
32 | | -RUN addgroup -g 777 orchestrator && adduser -u 777 -g 777 -S orchestrator |
33 | | - |
34 | | -ENV DOCKERIZE_VERSION v0.6.1 |
| 20 | +COPY rootfs/ / |
35 | 21 | RUN set -ex \ |
36 | | - && apk add --update --no-cache \ |
37 | | - curl \ |
38 | | - wget \ |
39 | | - tar \ |
40 | | - openssl \ |
41 | | - && mkdir /etc/orchestrator /var/lib/orchestrator \ |
42 | | - && chown -R 777:777 /etc/orchestrator /var/lib/orchestrator \ |
43 | | - && wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz -O- | \ |
44 | | - tar -C /usr/local/bin -xzv |
45 | | - |
46 | | -COPY --chown=777:777 rootfs/ / |
47 | | -COPY --from=builder-orc /tmp/orchestrator-release/build/orchestrator/usr/local/orchestrator/ /usr/local/orchestrator/ |
| 22 | + && mkdir -p /etc/orchestrator /var/lib/orchestrator \ |
| 23 | + && chown -R 65532:65532 /etc/orchestrator /var/lib/orchestrator |
48 | 24 |
|
49 | | -USER 777 |
| 25 | +# switch back to nonroot for runtime |
| 26 | +USER 65532 |
50 | 27 | EXPOSE 3000 10008 |
51 | 28 | VOLUME [ "/var/lib/orchestrator" ] |
52 | 29 |
|
53 | | -ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"] |
54 | | -CMD ["/usr/local/bin/orchestrator", "-quiet", "-config", "/etc/orchestrator/orchestrator.conf.json", "http"] |
| 30 | +ENTRYPOINT [ "/usr/local/bin/dockerize", \ |
| 31 | + "-no-overwrite", \ |
| 32 | + "-template", \ |
| 33 | + "/usr/local/share/orchestrator/templates/orchestrator.conf.json:/etc/orchestrator/orchestrator.conf.json", \ |
| 34 | + "-template", \ |
| 35 | + "/usr/local/share/orchestrator/templates/orc-topology.cnf:/etc/orchestrator/orc-topology.cnf", \ |
| 36 | + "--" ] |
| 37 | +CMD ["/usr/local/orchestrator/orchestrator", "-quiet", "-config", "/etc/orchestrator/orchestrator.conf.json", "http"] |
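Review bot: The two release archives fetched in the RUN steps at new lines 9–13 and 15–18 are piped from `wget` straight into `tar` as root with no integrity check, and the orchestrator archive is unpacked at `/`, where its member paths can overwrite any file in the image. The version numbers are pinned but the content is not, unlike the base image, which is pinned by digest. I would download each archive to a file, compare it with a SHA-256 recorded in the Dockerfile, and only then extract, as sketched below; the digest value is a placeholder to fill in from the release artifact, and this assumes the busybox in the base image provides `sha256sum`. Writing to a file also removes the pipe, whose left-hand failure `set -e` alone does not catch under `/busybox/sh -c`.

```dockerfile
# DOCKERIZE_SHA256 below is a placeholder: record the real SHA-256 of the release archive
RUN set -ex \
    && mkdir -p /usr/local/bin \
    && export DOCKERIZE_VERSION=0.6.1 \
    && export DOCKERIZE_SHA256=PLACEHOLDER_SHA256_OF_DOCKERIZE_ARCHIVE \
    && wget -O /tmp/dockerize.tar.gz https://github.com/jwilder/dockerize/releases/download/v${DOCKERIZE_VERSION}/dockerize-linux-amd64-v${DOCKERIZE_VERSION}.tar.gz \
    && echo "${DOCKERIZE_SHA256}  /tmp/dockerize.tar.gz" | sha256sum -c - \
    && tar -C /usr/local/bin -xzf /tmp/dockerize.tar.gz \
    && rm /tmp/dockerize.tar.gz
# … same download / verify / extract pattern for the orchestrator archive …
# … unchanged: COPY rootfs/, directory creation and chown, USER, EXPOSE, VOLUME, ENTRYPOINT, CMD …
```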