1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2024-12-15 17:50:49 +00:00
node-feature-discovery/Dockerfile
Kubernetes Prow Robot a68a4ec4fb
Merge pull request #325 from marquiz/devel/hardening
Container image hardening
2020-08-21 02:51:39 -07:00

35 lines
956 B
Docker

# Build node feature discovery
FROM golang:1.13.12 as builder
# Get (cache) deps in a separate layer
COPY go.mod go.sum /go/node-feature-discovery/
WORKDIR /go/node-feature-discovery
RUN go mod download
# Do actual build
COPY . /go/node-feature-discovery
ARG NFD_VERSION
ARG HOSTMOUNT_PREFIX
RUN go install \
-ldflags "-s -w -X sigs.k8s.io/node-feature-discovery/pkg/version.version=$NFD_VERSION -X sigs.k8s.io/node-feature-discovery/source.pathPrefix=$HOSTMOUNT_PREFIX" \
./cmd/*
RUN install -D -m644 nfd-worker.conf.example /etc/kubernetes/node-feature-discovery/nfd-worker.conf
RUN make test
# Create production image for running node feature discovery
FROM debian:stretch-slim
# Run as unprivileged user
USER 65534:65534
# Use more verbose logging of gRPC
ENV GRPC_GO_LOG_SEVERITY_LEVEL="INFO"
COPY --from=builder /etc/kubernetes/node-feature-discovery /etc/kubernetes/node-feature-discovery
COPY --from=builder /go/bin/nfd-* /usr/bin/