-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
128 lines (98 loc) · 4.35 KB
/
Dockerfile
File metadata and controls
128 lines (98 loc) · 4.35 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
# syntax=docker/dockerfile:1
# Mogenius Operator Build
# Uses pre-built base images - no apt-get install or package downloads needed
#
# Cross-compilation support:
# For armv7, we use amd64 builder images with --platform=$BUILDPLATFORM
# Go cross-compiles natively, which is much faster than QEMU emulation
# =============================================================================
# Stage 1: Import pre-built tools from dedicated images
# =============================================================================
ARG GO_BUILDER_IMAGE=ghcr.io/mogenius/go-builder:latest
ARG RUST_BUILDER_IMAGE=ghcr.io/mogenius/rust-builder:latest
ARG BPFTOOL_IMAGE=ghcr.io/mogenius/bpftool:latest
ARG SNOOPY_IMAGE=ghcr.io/mogenius/snoopy:latest
ARG RUNTIME_IMAGE=ghcr.io/mogenius/runtime:latest
# Get bpftool binary (target platform - armv7 binary for armv7 build)
FROM ${BPFTOOL_IMAGE} AS bpftool-source
# Get snoopy binary (target platform - armv7 binary for armv7 build)
FROM ${SNOOPY_IMAGE} AS snoopy-source
# Get Just from rust-builder (build platform - runs on host for cross-compilation)
ARG BUILDPLATFORM
# FROM --platform=$BUILDPLATFORM ${RUST_BUILDER_IMAGE} AS rust-source
# =============================================================================
# Stage 2: Build Environment (runs on build platform for cross-compilation)
# =============================================================================
FROM --platform=$BUILDPLATFORM ${GO_BUILDER_IMAGE} AS build-env
# Copy bpftool (from target platform image - cannot run on build platform if cross-compiling)
COPY --from=bpftool-source /usr/local/sbin/bpftool /usr/local/sbin/bpftool
# Verify tools that run on build platform
RUN go version
WORKDIR /app
# =============================================================================
# Stage 3: Build the Operator
# =============================================================================
FROM build-env AS builder
LABEL org.opencontainers.image.description="mogenius-operator"
ENV VERIFY_CHECKSUM=false
ENV CGO_ENABLED=0
ARG TARGETOS
ARG TARGETARCH
ARG TARGETVARIANT
ARG COMMIT_HASH=NOT_SET
ARG GIT_BRANCH=NOT_SET
ARG BUILD_TIMESTAMP=NOT_SET
ARG VERSION=NOT_SET
# Download dependencies first (better layer caching)
COPY go.mod go.sum ./
RUN go mod download
# Copy source code
COPY . .
# Generate code
RUN go generate ./...
# Build the operator binary
RUN set -e && \
export GOOS=${TARGETOS:-linux} && \
export GOARCH=${TARGETARCH} && \
if [ "${TARGETARCH}" = "arm" ] && [ -n "${TARGETVARIANT}" ]; then \
export GOARM=${TARGETVARIANT#v}; \
echo "Cross-compiling for ARM with GOARM=${GOARM}"; \
fi && \
echo "=== Build Configuration ===" && \
echo "GOOS: ${GOOS}" && \
echo "GOARCH: ${GOARCH}" && \
echo "GOARM: ${GOARM:-n/a}" && \
echo "VERSION: ${VERSION}" && \
echo "Host arch: $(uname -m)" && \
echo "===========================" && \
go mod tidy && \
go build -v -trimpath \
-gcflags='all=-l' \
-ldflags="-s -w \
-X mogenius-operator/src/version.GitCommitHash=${COMMIT_HASH} \
-X mogenius-operator/src/version.Branch=${GIT_BRANCH} \
-X mogenius-operator/src/version.BuildTimestamp=${BUILD_TIMESTAMP} \
-X mogenius-operator/src/version.Ver=${VERSION}" \
-o bin/mogenius-operator \
./src/main.go
# Verify binary was created
RUN ls -lh bin/
# =============================================================================
# Stage 4: Release Image
# =============================================================================
FROM scratch AS release-image
# CA certificates for TLS/WSS connections to platform API
COPY --from=alpine:3.23 /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
# nsenter from Alpine (links against musl) + musl dynamic linker
# The musl linker filename is arch-specific (x86_64, aarch64, armhf, ...)
COPY --from=alpine:3.23 /usr/bin/nsenter /usr/local/bin/nsenter
COPY --from=alpine:3.23 /lib/ld-musl-*.so.1 /lib/
# Operator binary (CGO_ENABLED=0, statically linked)
COPY --from=builder /app/bin/mogenius-operator /usr/local/bin/mogenius-operator
# Snoopy binary (Rust + musl target, statically linked)
COPY --from=snoopy-source /usr/local/bin/snoopy /usr/local/bin/mogenius-snoopy
WORKDIR /app
ENV PATH=/usr/local/bin
ENV MO_LOG_LEVEL="warn"
ENTRYPOINT ["/usr/local/bin/mogenius-operator"]
CMD ["cluster"]