lukaszraczylo/kubemirror
1
0
Fork 0
mirror of https://github.com/lukaszraczylo/kubemirror.git synced 2026-06-05 22:43:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
kubemirror/Dockerfile
T
lukaszraczylo 8adb52608f initial commit
2025-12-25 22:10:57 +00:00

45 lines
1.2 KiB
Docker
Raw Permalink Blame History

# Build stage
FROM golang:1.25-alpine AS builder
# Install ca-certificates for HTTPS support
RUN apk add --no-cache ca-certificates
WORKDIR /workspace
# Copy go mod files first for better caching
COPY go.mod go.sum ./
RUN go mod download && go mod verify
# Copy source code
COPY cmd/ cmd/
COPY pkg/ pkg/
# Build the binary with security flags
RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH:-amd64} go build \
-trimpath \
-ldflags="-w -s -extldflags '-static'" \
-tags=netgo \
-o kubemirror \
./cmd/kubemirror
# Runtime stage - using distroless for minimal attack surface
FROM gcr.io/distroless/static:nonroot
LABEL org.opencontainers.image.title="kubemirror"
LABEL org.opencontainers.image.description="Kubernetes controller for mirroring resources across namespaces"
LABEL org.opencontainers.image.source="https://github.com/lukaszraczylo/kubemirror"
LABEL org.opencontainers.image.licenses="MIT"
WORKDIR /
# Copy ca-certificates for HTTPS
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
# Copy the binary from builder
COPY --from=builder /workspace/kubemirror /kubemirror
# Use nonroot user (uid:gid 65532:65532)
USER 65532:65532
ENTRYPOINT ["/kubemirror"]
Reference in New Issue View Git Blame Copy Permalink