forked from envoyproxy/envoy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile-envoy
96 lines (78 loc) · 3.53 KB
/
Dockerfile-envoy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
ARG BUILD_OS=ubuntu
ARG BUILD_TAG=20.04
ARG ENVOY_VRP_BASE_IMAGE=envoy-base
FROM scratch AS binary
COPY ci/docker-entrypoint.sh /
ADD configs/envoyproxy_io_proxy.yaml /etc/envoy/envoy.yaml
ARG TARGETPLATFORM
ENV TARGETPLATFORM=${TARGETPLATFORM:-linux/amd64}
ARG ENVOY_BINARY=envoy
COPY --chown=0:0 ${TARGETPLATFORM}/build_${ENVOY_BINARY}_release/su-exec /usr/local/bin/
COPY ${TARGETPLATFORM}/build_${ENVOY_BINARY}_release/schema_validator_tool /usr/local/bin/schema_validator_tool
ARG ENVOY_BINARY_SUFFIX=_stripped
ADD ${TARGETPLATFORM}/build_${ENVOY_BINARY}_release${ENVOY_BINARY_SUFFIX}/envoy* /usr/local/bin/
# STAGE: envoy
FROM ${BUILD_OS}:${BUILD_TAG} AS envoy-base
ENV DEBIAN_FRONTEND=noninteractive
RUN mkdir -p /etc/envoy
RUN adduser --group --system envoy
# NB: Adding this here means that following steps, for example updating the system packages, are run
# when the version file changes. This should mean that a release version will always update.
# In PRs this will just use cached layers unless either this file changes or the version has changed.
ADD VERSION.txt /etc/envoy
RUN apt-get -qq update && apt-get -qq upgrade -y \
&& apt-get -qq install --no-install-recommends -y ca-certificates \
&& apt-get -qq autoremove -y && apt-get clean \
&& rm -rf /tmp/* /var/tmp/* \
&& rm -rf /var/lib/apt/lists/*
EXPOSE 10000
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["envoy", "-c", "/etc/envoy/envoy.yaml"]
# STAGE: envoy
FROM envoy-base AS envoy
COPY --from=binary /etc/envoy/envoy.yaml /etc/envoy/envoy.yaml
COPY --from=binary /docker-entrypoint.sh /
COPY --from=binary /usr/local/bin/su-exec /usr/local/bin/
COPY --from=binary /usr/local/bin/envoy* /usr/local/bin/
# STAGE: envoy-distroless
# gcr.io/distroless/base-nossl-debian11:nonroot
FROM gcr.io/distroless/base-nossl-debian11:nonroot@sha256:8c880faa0cb8c3fe60cae75de2cf4f6e7b53bd977a351a7e5ab510394e509f24 AS envoy-distroless
EXPOSE 10000
ENTRYPOINT ["/usr/local/bin/envoy"]
CMD ["-c", "/etc/envoy/envoy.yaml"]
COPY --from=binary /etc/envoy/envoy.yaml /etc/envoy/envoy.yaml
COPY --from=binary /usr/local/bin/envoy* /usr/local/bin/
# STAGE: envoy-google-vrp-base
FROM ${ENVOY_VRP_BASE_IMAGE} AS envoy-google-vrp-base
EXPOSE 10000
EXPOSE 10001
CMD ["supervisord", "-c", "/etc/supervisor.conf"]
ENTRYPOINT []
ADD configs/google-vrp/envoy-edge.yaml /etc/envoy/envoy-edge.yaml
ADD configs/google-vrp/envoy-origin.yaml /etc/envoy/envoy-origin.yaml
ADD configs/google-vrp/launch_envoy.sh /usr/local/bin/launch_envoy.sh
ADD test/config/integration/certs/serverkey.pem /etc/envoy/certs/serverkey.pem
ADD test/config/integration/certs/servercert.pem /etc/envoy/certs/servercert.pem
RUN apt-get -qq update \
&& apt-get -qq upgrade -y \
&& apt-get -qq install -y libc++1 supervisor gdb strace tshark \
&& apt-get autoremove -y \
&& apt-get clean \
&& rm -rf /tmp/* /var/tmp/* \
&& rm -rf /var/lib/apt/lists/*
ADD configs/google-vrp/supervisor.conf /etc/supervisor.conf
RUN chmod 777 /var/log/supervisor
RUN chmod a+r /etc/supervisor.conf /etc/envoy/* /etc/envoy/certs/*
RUN chmod a+rx /usr/local/bin/launch_envoy.sh
# STAGE: envoy-google-vrp
FROM envoy-google-vrp-base as envoy-google-vrp
COPY --from=binary /usr/local/bin/envoy /usr/local/bin/envoy
# STAGE: envoy-google-vrp-custom
FROM envoy-google-vrp-base as envoy-google-vrp-custom
ARG ENVOY_CTX_BINARY_PATH
ADD "${ENVOY_CTX_BINARY_PATH}" /usr/local/bin/envoy
# STAGE: envoy-tools
FROM envoy AS envoy-tools
COPY --from=binary /usr/local/bin/schema_validator_tool /usr/local/bin/
# Make envoy image as last stage so it is built by default
FROM envoy