diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 000000000..86e6a6b02 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,24 @@ +.git +.github +.gitignore +.golangci.yaml +ADOPTERS.md +CNAME +Dockerfile +Dockerfile.standalone +LICENSE +Makefile +PROJECT +README.md +SECURITY.md +assets +changelog.json +config +cover.out +deploy +design +docs +hack +overrides +site +terraform diff --git a/Dockerfile.standalone b/Dockerfile.standalone new file mode 100644 index 000000000..3c8ffd642 --- /dev/null +++ b/Dockerfile.standalone @@ -0,0 +1,18 @@ +# This version of Dockerfile is for building without external dependencies. +FROM golang:1.18-alpine AS builder +ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64 +WORKDIR /app +# Avoid invalidating the `go mod download` cache when only code has changed. +COPY go.mod go.sum /app/ +RUN go mod download +COPY . /app/ +RUN go build -o external-secrets main.go + + +FROM gcr.io/distroless/static AS app +COPY --from=builder /app/external-secrets /bin/external-secrets + +# Run as UID for nobody +USER 65534 + +ENTRYPOINT ["/bin/external-secrets"] diff --git a/docs/guides-using-latest-image.md b/docs/guides-using-latest-image.md index 41bf93c8f..ff88b44e7 100644 --- a/docs/guides-using-latest-image.md +++ b/docs/guides-using-latest-image.md @@ -1,8 +1,8 @@ -You can test a feature that was not yet released using the following method, use it at your own discretion: +You can test a feature that was not yet released using the following methods, use them at your own discretion: +### Helm 1. Create a `values.yaml` file with the following content: - -``` +```yaml replicaCount: 1 image: @@ -14,13 +14,30 @@ image: # -- If set, install and upgrade CRDs through helm chart. installCRDs: false ``` - -2. Install the crds -``` +1. Install the crds +```shell make crds.install ``` - -3. Install the external-secrets Helm chart indicating the values file created before: +1. Install the external-secrets Helm chart indicating the values file created before: ``` helm install external-secrets external-secrets/external-secrets -f values.yaml -``` \ No newline at end of file +``` + + +### Manual +1. Build the Docker image +```shell +docker build -f Dockerfile.standalone -t my-org/external-secrets:latest . +``` +1. Apply the `bundle.yaml` +```shell +kubectl apply -f deploy/crds/bundle.yaml +``` +1. Modify your configs to use the image +```yaml +kind: Deployment +metadata: + name: external-secrets|external-secrets-webhook|external-secrets-cert-controller +... + image: my-org/external-secrets:latest +```