forked from projectcalico/go-build
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile.amd64
117 lines (99 loc) · 6.09 KB
/
Dockerfile.amd64
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
FROM calico/bpftool:v5.3-amd64 as bpftool
FROM golang:1.21.3-bullseye
LABEL maintainer="Shaun Crampton <[email protected]>"
ARG GO_LINT_VERSION=v1.54.2
ARG K8S_VERSION=v1.26.3
ARG LLVM_VERSION=15
ARG MANIFEST_TOOL_VERSION=v1.0.2
ARG MOCKERY_VER=2.27.1
ARG MODSEC_VERSION=v3.0.10
ARG QEMU_ARCHS="arm aarch64 ppc64le s390x"
ARG QEMU_VERSION=7.2.0-1
ARG SU_EXEC_VER=212b75144bbc06722fbd7661f651390dc47a43d1
# Install su-exec for use in the entrypoint.sh (so processes run as the right user)
# Install bash for the entry script (and because it's generally useful)
# Install curl
# Install git for fetching Go dependencies
# Install ssh for fetching Go dependencies
# Install wget since it's useful for fetching
# Install make for building things
# Install util-linux for column command (used for output formatting).
# Install grep, sed, zip, and jq for use in some Makefiles
# Install gcc for cgo.
# Install lsb-release software-properties-common for llvm upgrade script
# Install clang, libbpf and newer kernel headers for building BPF binaries.
# Install libpcre++-dev and libraries for ModSecurity dependencies.
RUN apt-get -y update && apt-get -y upgrade && \
apt-get install --no-install-recommends -y \
libbpf-dev linux-headers-amd64 \
curl git openssh-client make wget util-linux file grep sed jq zip \
lsb-release software-properties-common binutils inetutils-ping iproute2 \
ca-certificates gcc mingw-w64 libc-dev bsdmainutils strace libpcap-dev \
autoconf automake build-essential \
libcurl4-openssl-dev libgeoip-dev liblmdb-dev \
libpcre++-dev libtool libxml2-dev libyajl-dev \
pkgconf zlib1g-dev
RUN curl -sfL https://apt.llvm.org/llvm.sh | bash -s -- ${LLVM_VERSION} && \
apt-get install clang-${LLVM_VERSION}
RUN apt-get autoclean && apt-get clean
# su-exec is used by the entrypoint script to execute the user's command with the right UID/GID.
# (sudo doesn't work easily in a container.) The version was current master at the time of writing.
RUN set -ex; \
curl -o /sbin/su-exec.c https://raw.githubusercontent.com/ncopa/su-exec/${SU_EXEC_VER}/su-exec.c; \
gcc -Wall /sbin/su-exec.c -o/sbin/su-exec; \
chown root:root /sbin/su-exec; \
chmod 0755 /sbin/su-exec; \
rm /sbin/su-exec.c
RUN curl -sfL https://github.com/vektra/mockery/releases/download/v${MOCKERY_VER}/mockery_${MOCKERY_VER}_Linux_x86_64.tar.gz | tar xz -C /usr/local/bin --extract mockery
# Disable ssh host key checking
RUN echo 'Host *' >> /etc/ssh/ssh_config \
&& echo ' StrictHostKeyChecking no' >> /etc/ssh/ssh_config
# Install go programs that we rely on
# Install ginkgo v2 as ginkgo2 and keep ginkgo v1 as ginkgo
RUN \
go install github.com/onsi/ginkgo/v2/[email protected] && \
mv /go/bin/ginkgo /go/bin/ginkgo2 && \
go install github.com/onsi/ginkgo/[email protected] && \
go install golang.org/x/tools/cmd/[email protected] && \
curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin $GO_LINT_VERSION && \
go install github.com/pmezard/licenses@master && \
go install github.com/wadey/gocovmerge@master && \
go install github.com/mikefarah/yq/[email protected] && \
go install github.com/jstemmer/[email protected] && \
go install golang.org/x/tools/cmd/[email protected] && \
go install k8s.io/code-generator/cmd/[email protected] && \
go install k8s.io/code-generator/cmd/[email protected] && \
go install k8s.io/code-generator/cmd/[email protected] && \
go install k8s.io/code-generator/cmd/[email protected] && \
go install k8s.io/code-generator/cmd/[email protected] && \
go install k8s.io/code-generator/cmd/[email protected] && \
go install k8s.io/code-generator/cmd/[email protected] && \
go install github.com/swaggo/swag/cmd/[email protected] && \
go install gotest.tools/gotestsum@latest && \
go clean -modcache && go clean -cache
# Install necessary Kubernetes binaries used in tests.
RUN wget https://dl.k8s.io/${K8S_VERSION}/bin/linux/amd64/kube-apiserver -O /usr/local/bin/kube-apiserver && chmod +x /usr/local/bin/kube-apiserver && \
wget https://dl.k8s.io/release/${K8S_VERSION}/bin/linux/amd64/kubectl -O /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl && \
wget https://dl.k8s.io/${K8S_VERSION}/bin/linux/amd64/kube-controller-manager -O /usr/local/bin/kube-controller-manager && chmod +x /usr/local/bin/kube-controller-manager
# Used for generating CRD files.
# Download a version of controller-gen that has been hacked to support additional types (e.g., float).
# We can remove this once we update the Calico v3 APIs to use only types which are supported by the upstream controller-gen
# tooling. Example: float, all the types in the numorstring package, etc.
RUN wget -O ${GOPATH}/bin/controller-gen https://github.com/projectcalico/controller-tools/releases/download/calico-0.1/controller-gen && chmod +x ${GOPATH}/bin/controller-gen
# Enable non-native runs on amd64 architecture hosts
RUN for i in ${QEMU_ARCHS}; do curl -sfL https://github.com/multiarch/qemu-user-static/releases/download/v${QEMU_VERSION}/qemu-${i}-static.tar.gz | tar xz -C /usr/bin; done
# Ensure that everything under the GOPATH is writable by everyone
RUN chmod -R 777 $GOPATH
RUN curl -sfL https://github.com/estesp/manifest-tool/releases/download/${MANIFEST_TOOL_VERSION}/manifest-tool-linux-amd64 -o /usr/bin/manifest-tool && \
chmod +x /usr/bin/manifest-tool
# crane is needed for our release targets to copy images from the dev registries to the release registries.
RUN curl -sfL https://github.com/google/go-containerregistry/releases/download/v0.4.1/go-containerregistry_Linux_x86_64.tar.gz | tar xz -C /usr/bin crane
# Add bpftool for Felix UT/FV.
COPY --from=bpftool /bpftool /usr/bin
# Build ModSecurity for Dikastes.
RUN git clone -b ${MODSEC_VERSION} --depth 1 --recurse-submodules --shallow-submodules https://github.com/SpiderLabs/ModSecurity.git /build && \
cd /build && ./build.sh && ./configure && \
make && make install && \
rm -fr /build
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]