public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

modified: Dockerfile 

new file:   Dockerfile.arm64
	new file:   Dockerfile.armv6
This commit is contained in:
lixianlin01 2023-03-28 19:00:47 +08:00
parent dd4fa414ea
commit 0bb2b401de
3 changed files with 71 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
Dockerfile
View File

@ -1,27 +1,16 @@
# This ARG has to be at the top, otherwise the docker daemon does not known what to do with FROM ${RUNTIME_IMAGE} FROM golang:1.19-buster AS builder
ARG RUNTIME_IMAGE=alpine:3.17.2
# All builds should be done using the platform native to the build node to allow
# cache sharing of the go mod download step.
# Go cross compilation is also faster than emulation the go compilation across
# multiple platforms.
FROM --platform=${BUILDPLATFORM} golang:1.19-buster AS builder
# Copy sources # Copy sources
WORKDIR $GOPATH/src/github.com/oauth2-proxy/oauth2-proxy WORKDIR $GOPATH/src/github.com/oauth2-proxy/oauth2-proxy
# Fetch dependencies # Fetch dependencies
COPY go.mod go.sum ./ COPY go.mod go.sum ./
RUN go mod download RUN GO111MODULE=on go mod download
# Now pull in our code # Now pull in our code
COPY . . COPY . .
# Arguments go here so that the previous steps can be cached if no external
# sources have changed.
ARG VERSION ARG VERSION
ARG TARGETPLATFORM
ARG BUILDPLATFORM
# Build binary and make sure there is at least an empty key file. # Build binary and make sure there is at least an empty key file.
# This is useful for GCP App Engine custom runtime builds, because # This is useful for GCP App Engine custom runtime builds, because
@ -29,26 +18,16 @@ ARG BUILDPLATFORM
# build the key into the container and then tell it where it is # build the key into the container and then tell it where it is
# by setting OAUTH2_PROXY_JWT_KEY_FILE=/etc/ssl/private/jwt_signing_key.pem # by setting OAUTH2_PROXY_JWT_KEY_FILE=/etc/ssl/private/jwt_signing_key.pem
# in app.yaml instead. # in app.yaml instead.
# Set the cross compilation arguments based on the TARGETPLATFORM which is RUN VERSION=${VERSION} make build && touch jwt_signing_key.pem
# automatically set by the docker engine.
RUN case ${TARGETPLATFORM} in \
"linux/amd64") GOARCH=amd64 ;; \
# arm64 and arm64v8 are equivilant in go and do not require a goarm
# https://github.com/golang/go/wiki/GoArm
"linux/arm64" | "linux/arm/v8") GOARCH=arm64 ;; \
"linux/ppc64le") GOARCH=ppc64le ;; \
"linux/arm/v6") GOARCH=arm GOARM=6 ;; \
esac && \
printf "Building OAuth2 Proxy for arch ${GOARCH}\n" && \
GOARCH=${GOARCH} VERSION=${VERSION} make build && touch jwt_signing_key.pem
# Copy binary to alpine # Copy binary to alpine
FROM ${RUNTIME_IMAGE} FROM alpine:3.14
COPY nsswitch.conf /etc/nsswitch.conf COPY nsswitch.conf /etc/nsswitch.conf
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/oauth2-proxy /bin/oauth2-proxy COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/oauth2-proxy /bin/oauth2-proxy
COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem
COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/pkg/app/pagewriter/login /bin/static/login
# UID/GID 65532 is also known as nonroot user in distroless image USER 2000:2000
USER 65532:65532
ENTRYPOINT ["/bin/oauth2-proxy"] ENTRYPOINT ["/bin/oauth2-proxy"]

32
Dockerfile.arm64 Normal file
View File

@ -0,0 +1,32 @@
FROM golang:1.19-buster AS builder
# Copy sources
WORKDIR $GOPATH/src/github.com/oauth2-proxy/oauth2-proxy
# Fetch dependencies
COPY go.mod go.sum ./
RUN GO111MODULE=on go mod download
# Now pull in our code
COPY . .
ARG VERSION
# Build binary and make sure there is at least an empty key file.
# This is useful for GCP App Engine custom runtime builds, because
# you cannot use multiline variables in their app.yaml, so you have to
# build the key into the container and then tell it where it is
# by setting OAUTH2_PROXY_JWT_KEY_FILE=/etc/ssl/private/jwt_signing_key.pem
# in app.yaml instead.
RUN VERSION=${VERSION} GOARCH=arm64 make build && touch jwt_signing_key.pem
# Copy binary to alpine
FROM arm64v8/alpine:3.14
COPY nsswitch.conf /etc/nsswitch.conf
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/oauth2-proxy /bin/oauth2-proxy
COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem
USER 2000:2000
ENTRYPOINT ["/bin/oauth2-proxy"]

32
Dockerfile.armv6 Normal file
View File

@ -0,0 +1,32 @@
FROM golang:1.19-buster AS builder
# Copy sources
WORKDIR $GOPATH/src/github.com/oauth2-proxy/oauth2-proxy
# Fetch dependencies
COPY go.mod go.sum ./
RUN GO111MODULE=on go mod download
# Now pull in our code
COPY . .
ARG VERSION
# Build binary and make sure there is at least an empty key file.
# This is useful for GCP App Engine custom runtime builds, because
# you cannot use multiline variables in their app.yaml, so you have to
# build the key into the container and then tell it where it is
# by setting OAUTH2_PROXY_JWT_KEY_FILE=/etc/ssl/private/jwt_signing_key.pem
# in app.yaml instead.
RUN VERSION=${VERSION} GOARCH=arm GOARM=6 make build && touch jwt_signing_key.pem
# Copy binary to alpine
FROM arm32v6/alpine:3.14
COPY nsswitch.conf /etc/nsswitch.conf
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/oauth2-proxy /bin/oauth2-proxy
COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem
USER 2000:2000
ENTRYPOINT ["/bin/oauth2-proxy"]