-
Notifications
You must be signed in to change notification settings - Fork 5
/
Dockerfile
49 lines (39 loc) · 1.64 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
###############################################################################
#### Run the build on alpine - istiod doesn't need more.
# Main docker images for istiod will be distroless and alpine.
FROM golang:1.16-alpine AS build-base
WORKDIR /ws
ENV GO111MODULE=on
ENV CGO_ENABLED=0
ENV GOOS=linux
ENV GOPROXY=https://proxy.golang.org
RUN apk add --no-cache git
# With caching should avoid repeated downloads as long as the sum/mod don't change
COPY go.mod go.sum ./
RUN go mod download
###############################################################################
FROM build-base AS build
COPY cmd ./cmd
COPY pkg ./pkg
# Runs in /go directory
RUN go build -a -ldflags '-extldflags "-static"' -o istiod ./cmd/istiod
RUN go build -a -ldflags '-extldflags "-static"' -o istiod-vm ./cmd/istio-agent
###############################################################################
### Container running the combined control plane, with an alpine base ( smaller than distroless but with shell )
### TODO: add a distroless variant.
### This image should work as a drop-in replacement for Pilot, Galley(MCP portion), WebhookInjector
### Citadel, Gallye/Validation remain as separate deployments.
FROM envoyproxy/envoy-alpine AS istio-control
COPY --from=build /ws/istiod /usr/local/bin/istiod
WORKDIR /
RUN mkdir -p /etc/certs && \
mkdir -p /etc/istio/proxy && \
mkdir -p /etc/istio/config && \
mkdir -p /var/lib/istio/envoy && \
mkdir -p /var/lib/istio/config && \
mkdir -p /var/lib/istio/proxy && \
chown -R 1337 /etc/certs /etc/istio /var/lib/istio
# Defaults
COPY ./var/lib/istio /var/lib/istio/
USER 1337:1337
ENTRYPOINT /usr/local/bin/istiod