From 4aac8c48459f6c2ee70ac2c823580e62e501f7a3 Mon Sep 17 00:00:00 2001
From: Noah Stride
Date: Mon, 26 Feb 2024 17:32:13 +0000
Subject: [PATCH 1/3] Add dockerfile for `tbot-distroless`
---
 .../charts/Dockerfile-tbot-distroless | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 build.assets/charts/Dockerfile-tbot-distroless
diff --git a/build.assets/charts/Dockerfile-tbot-distroless b/build.assets/charts/Dockerfile-tbot-distroless
new file mode 100644
index 0000000000000..f9274806f96b3
--- /dev/null
+++ b/build.assets/charts/Dockerfile-tbot-distroless
@@ -0,0 +1,26 @@
+ARG BASE_IMAGE=gcr.io/distroless/cc-debian12
+
+FROM debian:12 AS teleport
+# Install the teleport binary from an architecture-specific debian package. Note
+# that we cannot simply pass a ready-made package filename in as a build-arg, as
+# this dockerfile is used for a multiarch build and any build-args will be
+# re-used for multiple ${TARGETARCH}es. In order to get around this we pass
+# various components of the architecture-specific debian package filename in as
+# individual build args and re-assemble it *inside* the build.
+
+# NOTE that TELEPORT_RELEASE_INFIX *must* include the leading dash if set.
+ARG TELEPORT_RELEASE_INFIX
+ARG TELEPORT_VERSION
+# TARGETARCH is supplied by the `buildx` mechanics
+ARG TARGETARCH
+ENV TELEPORT_DEB_FILE_NAME=teleport${TELEPORT_RELEASE_INFIX}_${TELEPORT_VERSION}_${TARGETARCH}.deb
+COPY $TELEPORT_DEB_FILE_NAME ./$TELEPORT_DEB_FILE_NAME
+RUN dpkg-deb -R $TELEPORT_DEB_FILE_NAME /opt/staging && \
+ mkdir -p /opt/staging/etc/teleport && \
+ mkdir -p /opt/staging/var/lib/dpkg/status.d/ && \
+ mv /opt/staging/DEBIAN/control /opt/staging/var/lib/dpkg/status.d/teleport && \
+ rm -rf /opt/staging/DEBIAN
+
+FROM $BASE_IMAGE
+COPY --from=teleport /opt/staging/usr/local/bin/tbot /usr/local/bin/tbot
+ENTRYPOINT ["/usr/local/bin/tbot"]
\ No newline at end of file
From e8ed21354675048268e33fa583f029eb2abadfb9 Mon Sep 17 00:00:00 2001
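Review bot: Neither base image is pinned: `ARG BASE_IMAGE=gcr.io/distroless/cc-debian12` carries no tag or digest and `FROM debian:12 AS teleport` is a floating tag, so the same Dockerfile can yield different images from one build to the next. Pinning the default by digest, e.g. `ARG BASE_IMAGE=gcr.io/distroless/cc-debian12@sha256:<digest>` (placeholder), and bumping it deliberately would make the runtime image reproducible and auditable. The final stage also sets no `USER`, so `tbot` runs as whatever user the base image defaults to, presumably root for the untagged distroless image. If `tbot` does not need root, a `USER nonroot:nonroot` line before `ENTRYPOINT` would narrow that, provided the chosen base image defines that user and the credential output paths are writable by it.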
From: Noah Stride
Date: Mon, 26 Feb 2024 22:29:04 +0000
Subject: [PATCH 2/3] use --mount rather than copy
---
 build.assets/charts/Dockerfile-tbot-distroless | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/build.assets/charts/Dockerfile-tbot-distroless b/build.assets/charts/Dockerfile-tbot-distroless
index f9274806f96b3..9e4cec731fc7e 100644
--- a/build.assets/charts/Dockerfile-tbot-distroless
+++ b/build.assets/charts/Dockerfile-tbot-distroless
@@ -14,8 +14,7 @@ ARG TELEPORT_VERSION
 # TARGETARCH is supplied by the `buildx` mechanics
 ARG TARGETARCH
 ENV TELEPORT_DEB_FILE_NAME=teleport${TELEPORT_RELEASE_INFIX}_${TELEPORT_VERSION}_${TARGETARCH}.deb
-COPY $TELEPORT_DEB_FILE_NAME ./$TELEPORT_DEB_FILE_NAME
-RUN dpkg-deb -R $TELEPORT_DEB_FILE_NAME /opt/staging && \
+RUN --mount=type=bind,target=/ctx dpkg-deb -R /ctx/$TELEPORT_DEB_FILE_NAME /opt/staging && \
 mkdir -p /opt/staging/etc/teleport && \
 mkdir -p /opt/staging/var/lib/dpkg/status.d/ && \
 mv /opt/staging/DEBIAN/control /opt/staging/var/lib/dpkg/status.d/teleport && \
From b7964e3ea09dfca81085b03921ac8b612e6fca71 Mon Sep 17 00:00:00 2001
From: Noah Stride
Date: Tue, 27 Feb 2024 09:25:44 +0000
Subject: [PATCH 3/3] simplify deb extraction
---
 build.assets/charts/Dockerfile-tbot-distroless | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/build.assets/charts/Dockerfile-tbot-distroless b/build.assets/charts/Dockerfile-tbot-distroless
index 9e4cec731fc7e..9e1e4d8897c07 100644
--- a/build.assets/charts/Dockerfile-tbot-distroless
+++ b/build.assets/charts/Dockerfile-tbot-distroless
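Review bot: The new `RUN --mount=type=bind,target=/ctx` line expands the package path unquoted, so a build-arg value containing whitespace or glob characters would be word-split or expanded by the shell before `dpkg-deb` sees it. Writing it as `dpkg-deb -R "/ctx/${TELEPORT_DEB_FILE_NAME}" /opt/staging` keeps the argument intact. The `--mount` flag also depends on BuildKit, which nothing in the file declares; a first line of `# syntax=docker/dockerfile:1` would pin the frontend and make a legacy-builder failure explicit. The RUN instruction continues past the end of this hunk.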
@@ -14,12 +14,8 @@ ARG TELEPORT_VERSION
 # TARGETARCH is supplied by the `buildx` mechanics
 ARG TARGETARCH
 ENV TELEPORT_DEB_FILE_NAME=teleport${TELEPORT_RELEASE_INFIX}_${TELEPORT_VERSION}_${TARGETARCH}.deb
-RUN --mount=type=bind,target=/ctx dpkg-deb -R /ctx/$TELEPORT_DEB_FILE_NAME /opt/staging && \
- mkdir -p /opt/staging/etc/teleport && \
- mkdir -p /opt/staging/var/lib/dpkg/status.d/ && \
- mv /opt/staging/DEBIAN/control /opt/staging/var/lib/dpkg/status.d/teleport && \
- rm -rf /opt/staging/DEBIAN
+RUN --mount=type=bind,target=/ctx dpkg-deb -R /ctx/$TELEPORT_DEB_FILE_NAME /opt/staging
 
 FROM $BASE_IMAGE
 COPY --from=teleport /opt/staging/usr/local/bin/tbot /usr/local/bin/tbot
-ENTRYPOINT ["/usr/local/bin/tbot"]
\ No newline at end of file
+ENTRYPOINT ["/usr/local/bin/tbot"]
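Review bot: The final stage ends up with no package or version metadata for `tbot`, because only the binary is copied out of `/opt/staging` and the removed `status.d` steps never reached the final image anyway. A scanner that inventories distroless images through `/var/lib/dpkg/status.d` would therefore not list Teleport, although tools that read build info embedded in the binary may still identify it. Redeclaring `ARG TELEPORT_VERSION` after `FROM $BASE_IMAGE` and adding `LABEL org.opencontainers.image.version="${TELEPORT_VERSION}"` would at least record which release the image contains. The `teleport` stage starts outside this hunk.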