Skip to content

Commit

Permalink
chore: use base images from mcr (#1208)
Browse files Browse the repository at this point in the history
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
  • Loading branch information
aramase authored Dec 14, 2023
1 parent a93f474 commit a86986b
Show file tree
Hide file tree
Showing 7 changed files with 11 additions and 33 deletions.
2 changes: 1 addition & 1 deletion docker/proxy-init.Dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM --platform=${TARGETPLATFORM:-linux/amd64} registry.k8s.io/build-image/distroless-iptables:v0.4.2
FROM --platform=${TARGETPLATFORM:-linux/amd64} registry.k8s.io/build-image/distroless-iptables:v0.4.3

COPY ./init/init-iptables.sh /bin/
RUN chmod +x /bin/init-iptables.sh
Expand Down
9 changes: 2 additions & 7 deletions docker/proxy.Dockerfile
Original file line number Diff line number Diff line change
@@ -1,7 +1,4 @@
ARG BUILDER=mcr.microsoft.com/oss/go/microsoft/golang:1.21-bullseye
ARG BASEIMAGE=gcr.io/distroless/static:nonroot

FROM ${BUILDER} as builder
FROM mcr.microsoft.com/oss/go/microsoft/golang:1.21-bookworm as builder

ARG LDFLAGS

Expand All @@ -21,9 +18,7 @@ COPY pkg/ pkg/
ARG TARGETARCH
RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} GO111MODULE=on go build -a -ldflags "${LDFLAGS:--X github.com/Azure/azure-workload-identity/pkg/version.BuildVersion=latest}" -o proxy main.go

# Use distroless as minimal base image to package the manager binary
# Refer to https://github.com/GoogleContainerTools/distroless for more details
FROM --platform=${TARGETPLATFORM:-linux/amd64} ${BASEIMAGE}
FROM --platform=${TARGETPLATFORM:-linux/amd64} mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0-nonroot
WORKDIR /
COPY --from=builder /workspace/proxy .
# Kubernetes runAsNonRoot requires USER to be numeric
Expand Down
9 changes: 2 additions & 7 deletions docker/webhook.Dockerfile
Original file line number Diff line number Diff line change
@@ -1,8 +1,5 @@
ARG BUILDER=mcr.microsoft.com/oss/go/microsoft/golang:1.21-bullseye
ARG BASEIMAGE=gcr.io/distroless/static:nonroot

# Build the manager binary
FROM ${BUILDER} as builder
FROM mcr.microsoft.com/oss/go/microsoft/golang:1.21-bookworm as builder

ARG LDFLAGS

Expand All @@ -22,9 +19,7 @@ COPY pkg/ pkg/
ARG TARGETARCH
RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} GO111MODULE=on go build -a -ldflags "${LDFLAGS:--X github.com/Azure/azure-workload-identity/pkg/version.BuildVersion=latest}" -o manager main.go

# Use distroless as minimal base image to package the manager binary
# Refer to https://github.com/GoogleContainerTools/distroless for more details
FROM --platform=${TARGETPLATFORM:-linux/amd64} ${BASEIMAGE}
FROM --platform=${TARGETPLATFORM:-linux/amd64} mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0-nonroot
WORKDIR /
COPY --from=builder /workspace/manager .
# Kubernetes runAsNonRoot requires USER to be numeric
Expand Down
9 changes: 2 additions & 7 deletions examples/msal-go/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,7 +1,4 @@
ARG BUILDER=mcr.microsoft.com/oss/go/microsoft/golang:1.21-bullseye
ARG BASEIMAGE=gcr.io/distroless/static:nonroot

FROM ${BUILDER} as builder
FROM mcr.microsoft.com/oss/go/microsoft/golang:1.21-bookworm as builder

WORKDIR /workspace
# Copy the Go Modules manifests
Expand All @@ -19,9 +16,7 @@ COPY token_credential.go token_credential.go
ARG TARGETARCH
RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} GO111MODULE=on go build -a -o msalgo .

# Use distroless as minimal base image to package the manager binary
# Refer to https://github.com/GoogleContainerTools/distroless for more details
FROM --platform=${TARGETPLATFORM:-linux/amd64} ${BASEIMAGE}
FROM --platform=${TARGETPLATFORM:-linux/amd64} mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0-nonroot
WORKDIR /
COPY --from=builder /workspace/msalgo .
# Kubernetes runAsNonRoot requires USER to be numeric
Expand Down
3 changes: 1 addition & 2 deletions examples/msal-go/windows.Dockerfile
Original file line number Diff line number Diff line change
@@ -1,8 +1,7 @@
ARG BUILDER=mcr.microsoft.com/oss/go/microsoft/golang:1.21-bullseye
ARG SERVERCORE_CACHE=gcr.io/k8s-staging-e2e-test-images/windows-servercore-cache:1.0-linux-amd64-${OS_VERSION:-1809}
ARG BASEIMAGE=mcr.microsoft.com/windows/nanoserver:${OS_VERSION:-1809}

FROM --platform=linux/amd64 ${BUILDER} as builder
FROM --platform=linux/amd64 mcr.microsoft.com/oss/go/microsoft/golang:1.21-bookworm as builder

WORKDIR /workspace
# Copy the Go Modules manifests
Expand Down
4 changes: 1 addition & 3 deletions examples/msal-node/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,8 +1,6 @@
ARG BUILDER=mcr.microsoft.com/cbl-mariner/base/nodejs:16
ARG BASEIMAGE=mcr.microsoft.com/mirror/gcr/distroless/nodejs-debian11:16

# ref: https://github.com/GoogleContainerTools/distroless/blob/main/examples/nodejs/Dockerfile
FROM ${BUILDER} AS build-env
FROM mcr.microsoft.com/oss/go/microsoft/golang:1.21-bookworm as build-env
ADD . /app
WORKDIR /app
RUN npm install
Expand Down
8 changes: 2 additions & 6 deletions examples/msal-python/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,8 +1,4 @@
ARG BUILDER=debian:11-slim
ARG BASEIMAGE=gcr.io/distroless/python3-debian11

# ref: https://github.com/GoogleContainerTools/distroless/blob/main/examples/python3-requirements/Dockerfile
FROM ${BUILDER} AS build
FROM mcr.microsoft.com/mirror/docker/library/debian:bookworm-slim AS build
RUN apt-get update && \
apt-get install --no-install-suggests --no-install-recommends --yes python3-venv gcc libpython3-dev && \
python3 -m venv /venv && \
Expand All @@ -14,7 +10,7 @@ COPY requirements.txt /requirements.txt
RUN /venv/bin/pip install --disable-pip-version-check -r /requirements.txt

# Copy the virtualenv into a distroless image
FROM ${BASEIMAGE}
FROM mcr.microsoft.com/cbl-mariner/distroless/python:3.9
COPY --from=build-venv /venv /venv
COPY . /app
WORKDIR /app
Expand Down

0 comments on commit a86986b

Please sign in to comment.