forked from intel/network-operator
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile.linkdiscovery
More file actions
101 lines (81 loc) · 3.52 KB
/
Dockerfile.linkdiscovery
File metadata and controls
101 lines (81 loc) · 3.52 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# Copyright (c) 2025 Intel Corporation
# SPDX-License-Identifier: MIT
ARG FINAL_BASE_IMAGE
# Build the discover binary
FROM golang:1.25 AS builder
ARG TARGETOS
ARG TARGETARCH
ARG GITINFO
ARG BUILDDATE
ARG PKGNAME
ARG GO111MODULE
ARG CGOFLAGS
ARG GCFLAGS
ARG ASMFLAGS
ARG LDFLAGS
WORKDIR /workspace
# Copy the Go Modules manifests
COPY go.mod go.sum ./
# cache deps before building and copying source so that we don't need to re-download as much
# and so that source changes don't invalidate our downloaded layer
RUN go mod download
# Install dependencies
RUN apt-get update && apt-get install -y --no-install-recommends libpcap0.8-dev \
libc6-dev libdbus-1-dev libsystemd-dev libcap-dev
# Copy the go source
COPY cmd/discover/*.go cmd/discover/
COPY pkg/ pkg/
COPY internal/ internal/
COPY LICENSE LICENSE
# Build
RUN export discover_ldflags="$LDFLAGS -linkmode=external -extldflags '$(pkg-config --static --libs-only-l libpcap libcap) -static'" && \
echo "Linking with: $discover_ldflags" && \
CGO_ENABLED=1 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} GO111MODULE=${GO111MODULE} \
go build $CGOFLAGS --gcflags="$GCFLAGS" --asmflags="$ASMFLAGS" --ldflags="$discover_ldflags" \
-a -o discover ./cmd/discover/
# Verify binary build specs with checksec
ENV CHECKSEC_REF="Partial RELRO,No Canary found,NX enabled,No PIE,N/A,N/A,No Symbols,N/A,0,0"
RUN apt-get update -y && apt-get --no-install-recommends -y install file && \
wget -q https://raw.githubusercontent.com/slimm609/checksec/refs/heads/main/checksec.bash -O checksec && \
chmod +x checksec && \
./checksec --file=/workspace/discover --output=csv | grep -q "$CHECKSEC_REF"
RUN go get github.com/google/go-licenses && \
go run github.com/google/go-licenses save ./cmd/discover/ --save_path=licenses
RUN sed -i 's/\(Types: deb\).*/\1 deb-src/' /etc/apt/sources.list.d/*.sources
WORKDIR /workspace/source
RUN apt update && apt source libc6-dev libdbus-1-dev libsystemd-dev libcap-dev --download-only
# Build static version of lldpad
FROM debian:trixie as lldpadbuilder
WORKDIR /workspace
COPY lldpad_Makefile_am.patch lldpad_Makefile_am.patch
RUN sed -i 's/\(Types: deb\).*/\1 deb-src/' /etc/apt/sources.list.d/*.sources && \
apt update && apt install --no-install-recommends -y automake libtool && \
apt build-dep -y lldpad
WORKDIR /workspace/build
RUN apt source lldpad && mv lldpad-* lldpad-source
WORKDIR /workspace/build/lldpad-source
RUN ./bootstrap.sh && \
./configure --prefix=/usr --enable-static --disable-shared && \
patch -p0 < /workspace/lldpad_Makefile_am.patch && \
make && cp lldptool lldpad /workspace
WORKDIR /workspace/source
RUN apt source --download-only libnl-3-dev libconfig11 libc6-dev && \
cp -v /workspace/build/* . || true
FROM ${FINAL_BASE_IMAGE}
WORKDIR /
COPY --from=builder /workspace/discover /discover
COPY --from=lldpadbuilder /workspace/lldpad /usr/sbin/lldpad
COPY --from=lldpadbuilder /workspace/lldptool /usr/sbin/lldptool
COPY --from=builder /workspace/licenses /licenses
COPY --from=builder /workspace/source /source
COPY --from=lldpadbuilder /workspace/source /source
USER root
ENTRYPOINT ["/discover"]
LABEL vendor='Intel®'
LABEL org.opencontainers.image.source='https://github.com/intel/network-operator'
LABEL maintainer="Intel®"
LABEL version='devel'
LABEL release='1'
LABEL name='intel-network-linkdiscovery'
LABEL summary='Intel® Network Link Discovery for Kubernetes'
LABEL description='The Network Link Discovery provides tools and services for discovering and managing network links in Kubernetes environments.'