forked from spiffe/spire
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile.scratch
42 lines (38 loc) · 1.44 KB
/
Dockerfile.scratch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# Build stage
ARG goversion
FROM golang:${goversion}-alpine as builder
RUN apk add build-base git mercurial ca-certificates
RUN apk add --update gcc musl-dev
ADD go.mod /spire/go.mod
RUN cd /spire && go mod download
ADD . /spire
WORKDIR /spire
RUN make build-static
# SPIRE Server
FROM scratch AS spire-server-scratch
COPY --from=builder /spire/bin/spire-server-static /opt/spire/bin/spire-server
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
WORKDIR /opt/spire
ENTRYPOINT ["/opt/spire/bin/spire-server", "run"]
CMD []
FROM scratch AS spire-agent-scratch
COPY --from=builder /spire/bin/spire-agent-static /opt/spire/bin/spire-agent
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
WORKDIR /opt/spire
EXPOSE 8080 8443
ENTRYPOINT ["/opt/spire/bin/spire-agent", "run"]
CMD []
# K8S Workload Registrar
FROM scratch AS k8s-workload-registrar-scratch
COPY --from=builder /spire/bin/k8s-workload-registrar-static /opt/spire/bin/k8s-workload-registrar
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
WORKDIR /opt/spire
ENTRYPOINT ["/opt/spire/bin/k8s-workload-registrar"]
CMD []
# OIDC Discovery Provider
FROM scratch AS oidc-discovery-provider-scratch
COPY --from=builder /spire/bin/oidc-discovery-provider-static /opt/spire/bin/oidc-discovery-provider
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
WORKDIR /opt/spire
ENTRYPOINT ["/opt/spire/bin/oidc-discovery-provider"]
CMD []