41 lines
782 B
Docker
41 lines
782 B
Docker
# Build stage
|
|
FROM golang:1.22-alpine AS builder
|
|
|
|
WORKDIR /app
|
|
|
|
# Install build dependencies
|
|
RUN apk add --no-cache git ca-certificates
|
|
|
|
# Copy go mod files
|
|
COPY go.mod go.sum ./
|
|
RUN go mod download
|
|
|
|
# Copy source
|
|
COPY main.go ./
|
|
|
|
# Build static binary
|
|
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
|
|
-ldflags="-w -s" \
|
|
-o lifecycle-sidecar \
|
|
main.go
|
|
|
|
# Runtime stage
|
|
FROM alpine:3.19
|
|
|
|
# Install procps for process monitoring (pgrep, kill)
|
|
RUN apk add --no-cache procps ca-certificates
|
|
|
|
# Create non-root user
|
|
RUN addgroup -g 1000 sidecar && \
|
|
adduser -D -u 1000 -G sidecar sidecar
|
|
|
|
WORKDIR /app
|
|
|
|
# Copy binary from builder
|
|
COPY --from=builder /app/lifecycle-sidecar /app/lifecycle-sidecar
|
|
|
|
# Run as non-root
|
|
USER sidecar
|
|
|
|
ENTRYPOINT ["/app/lifecycle-sidecar"]
|