mirror of
https://github.com/kubernetes-sigs/node-feature-discovery.git
synced 2024-12-15 17:50:49 +00:00
a68a4ec4fb
Container image hardening
35 lines
956 B
Docker
35 lines
956 B
Docker
# Build node feature discovery
|
|
FROM golang:1.13.12 as builder
|
|
|
|
# Get (cache) deps in a separate layer
|
|
COPY go.mod go.sum /go/node-feature-discovery/
|
|
|
|
WORKDIR /go/node-feature-discovery
|
|
|
|
RUN go mod download
|
|
|
|
# Do actual build
|
|
COPY . /go/node-feature-discovery
|
|
|
|
ARG NFD_VERSION
|
|
ARG HOSTMOUNT_PREFIX
|
|
|
|
RUN go install \
|
|
-ldflags "-s -w -X sigs.k8s.io/node-feature-discovery/pkg/version.version=$NFD_VERSION -X sigs.k8s.io/node-feature-discovery/source.pathPrefix=$HOSTMOUNT_PREFIX" \
|
|
./cmd/*
|
|
RUN install -D -m644 nfd-worker.conf.example /etc/kubernetes/node-feature-discovery/nfd-worker.conf
|
|
|
|
RUN make test
|
|
|
|
|
|
# Create production image for running node feature discovery
|
|
FROM debian:stretch-slim
|
|
|
|
# Run as unprivileged user
|
|
USER 65534:65534
|
|
|
|
# Use more verbose logging of gRPC
|
|
ENV GRPC_GO_LOG_SEVERITY_LEVEL="INFO"
|
|
|
|
COPY --from=builder /etc/kubernetes/node-feature-discovery /etc/kubernetes/node-feature-discovery
|
|
COPY --from=builder /go/bin/nfd-* /usr/bin/
|