-
Notifications
You must be signed in to change notification settings - Fork 99
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Slim down docker image for appcore rp
Part of: #2582 This change switches us to distroless for the appcore rp docker image from mariner. The overall impact is that the reduces the size from 245mb to 53mb. Additionally added ca-certificates to the UCP image. We will need these to proxy to clouds like AWS and Azure, so adding them now.
- Loading branch information
Showing
6 changed files
with
32 additions
and
32 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,23 +1,11 @@ | ||
| FROM mcr.microsoft.com/cbl-mariner/base/core:2.0 | ||
| FROM gcr.io/distroless/static:nonroot | ||
| WORKDIR / | ||
|
|
||
| RUN yum -y install wget ca-certificates shadow-utils | ||
| RUN apk --no-cache add ca-certificates | ||
|
|
||
| # Install libifxaudit | ||
| RUN wget https://packages.microsoft.com/centos/7/prod/libifxaudit-1.0-1525.x86_64.rpm && rpm -i libifxaudit-1.0-1525.x86_64.rpm | ||
| COPY ./* / | ||
|
|
||
| WORKDIR /app | ||
|
|
||
| RUN mkdir /app/config | ||
| COPY ./* /app/ | ||
|
|
||
| RUN groupadd --gid 2000 radius | ||
|
|
||
| RUN useradd --home "/nonexistent" --shell "/sbin/nologin" --gid radius --uid 1000 radius | ||
|
|
||
| RUN chmod 770 /app/appcore-rp | ||
| RUN chown radius.radius -R /app | ||
|
|
||
| USER radius | ||
| USER 65532:65532 | ||
|
|
||
| EXPOSE 8080 | ||
| ENTRYPOINT ["/app/appcore-rp"] | ||
| ENTRYPOINT ["/appcore-rp"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| FROM mcr.microsoft.com/cbl-mariner/base/core:2.0 | ||
|
|
||
| RUN yum -y install wget ca-certificates shadow-utils | ||
|
|
||
| # Install libifxaudit | ||
| RUN wget https://packages.microsoft.com/centos/7/prod/libifxaudit-1.0-1525.x86_64.rpm && rpm -i libifxaudit-1.0-1525.x86_64.rpm | ||
|
|
||
| WORKDIR /app | ||
|
|
||
| RUN mkdir /app/config | ||
| COPY ./* /app/ | ||
|
|
||
| RUN groupadd --gid 2000 radius | ||
|
|
||
| RUN useradd --home "/nonexistent" --shell "/sbin/nologin" --gid radius --uid 1000 radius | ||
|
|
||
| RUN chmod 770 /app/appcore-rp | ||
| RUN chown radius.radius -R /app | ||
|
|
||
| USER radius | ||
|
|
||
| EXPOSE 8080 | ||
| ENTRYPOINT ["/app/appcore-rp"] |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters