build: optimize Dockerfile

Author: masontikhonov

Dockerfile

@@ -1,29 +1,46 @@
-FROM alpine:3.22.1 AS builder
-RUN apk update \
-    && apk add curl
-RUN export ARCH=$([[ "$(uname -m)" == "aarch64" ]] && echo "arm64" || echo "amd64") \
-    && mkdir -p /tmp/kubectl-versions && cd /tmp/kubectl-versions \
-    && curl -o kubectl1.34 -L https://storage.googleapis.com/kubernetes-release/release/v1.34.1/bin/linux/${ARCH}/kubectl \
-    && curl -o kubectl1.33 -L https://storage.googleapis.com/kubernetes-release/release/v1.33.5/bin/linux/${ARCH}/kubectl \
-    && curl -o kubectl1.32 -L https://storage.googleapis.com/kubernetes-release/release/v1.32.9/bin/linux/${ARCH}/kubectl
-
-FROM debian:bookworm-20250908-slim AS prod
-RUN apt-get update -y
-# install busybox by building source until it's unavailable by apt-get for v1.36.1 ad no need to link [[
-RUN apt-get install --no-install-recommends wget build-essential -y && \
-    wget --no-check-certificate https://busybox.net/downloads/busybox-1.36.1.tar.bz2 && \
-    tar -xvjf busybox-1.36.1.tar.bz2 && \
-    cd busybox-1.36.1 && \
-    make defconfig && \
-    make && \
-    make CONFIG_PREFIX="/" install
+ARG DEBIAN_VERSION=bookworm-20251103-slim
+
+
+FROM debian:${DEBIAN_VERSION} AS builder
+ARG TARGETPLATFORM
+RUN apt-get update && apt-get install -y build-essential
+
+ARG BUSYBOX_VERSION=1.36.1
+ADD https://busybox.net/downloads/busybox-${BUSYBOX_VERSION}.tar.bz2 /busybox-${BUSYBOX_VERSION}.tar.bz2
+ADD https://busybox.net/downloads/busybox-${BUSYBOX_VERSION}.tar.bz2.sha256 /busybox-${BUSYBOX_VERSION}.tar.bz2.sha256
+RUN echo "$(cat busybox-${BUSYBOX_VERSION}.tar.bz2.sha256)  busybox-${BUSYBOX_VERSION}.tar.bz2" | sha256sum --check
+RUN tar -xvjf busybox-${BUSYBOX_VERSION}.tar.bz2 \
+    && cd busybox-${BUSYBOX_VERSION} \
+    && make defconfig \
+    && make \
+    && make CONFIG_PREFIX="/" install
+
+ADD https://dl.k8s.io/release/v1.34.1/bin/${TARGETPLATFORM}/kubectl /kubectl/kubectl1.34
+ADD https://dl.k8s.io/release/v1.34.1/bin/${TARGETPLATFORM}/kubectl.sha256 /kubectl1.34.sha256
+RUN echo "$(cat kubectl1.34.sha256)  /kubectl/kubectl1.34" | sha256sum --check
+
+ADD https://dl.k8s.io/release/v1.33.5/bin/${TARGETPLATFORM}/kubectl /kubectl/kubectl1.33
+ADD https://dl.k8s.io/release/v1.33.5/bin/${TARGETPLATFORM}/kubectl.sha256 /kubectl1.33.sha256
+RUN echo "$(cat kubectl1.33.sha256)  /kubectl/kubectl1.33" | sha256sum --check
+
+ADD https://dl.k8s.io/release/v1.32.9/bin/${TARGETPLATFORM}/kubectl /kubectl/kubectl1.32
+ADD https://dl.k8s.io/release/v1.32.9/bin/${TARGETPLATFORM}/kubectl.sha256 /kubectl1.32.sha256
+RUN echo "$(cat kubectl1.32.sha256)  /kubectl/kubectl1.32" | sha256sum --check
+
+
+
+FROM debian:${DEBIAN_VERSION} AS prod
 RUN adduser --gecos "" --disabled-password --home /home/cfu --shell /bin/bash cfu
-#copy all versions of kubectl to switch between them later.
-COPY --chown=cfu --chmod=775 --from=builder /tmp/kubectl-versions/* /usr/local/bin/
-COPY --chown=cfu --chmod=775 --from=builder /tmp/kubectl-versions/kubectl1.34 /usr/local/bin/kubectl
+
+COPY --chown=cfu --chmod=775 cf-deploy-kubernetes.sh /cf-deploy-kubernetes
+COPY --chown=cfu --chmod=775 template.sh /template.sh
+
+COPY --chown=cfu --chmod=775 --from=builder /usr/bin/busybox /usr/bin/busybox
+RUN busybox --install
+
+COPY --chown=cfu --chmod=775 --from=builder /kubectl/* /usr/local/bin/
+RUN ln -s /usr/local/bin/kubectl1.34 /usr/local/bin/kubectl
 
 WORKDIR /
-ADD --chown=cfu --chmod=775 cf-deploy-kubernetes.sh /cf-deploy-kubernetes
-ADD --chown=cfu --chmod=775 template.sh /template.sh
 USER cfu
 CMD ["bash"]