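# --- STAGE 1: Build the static xds-server binary ---
FROM golang:1.24-alpine AS builder

# ca-certificates provides the CA bundle used for HTTPS/TLS during the build
# (e.g. fetching modules).
RUN apk add --no-cache ca-certificates

# Set the working directory for the build
WORKDIR /app

# Copy the dependency manifests first for better build caching.
# If go.mod/go.sum don't change, this layer and the download below are reused.
COPY go.mod go.sum ./

# Download all dependencies
RUN go mod download

# Copy the rest of the source code, including internal/.
# This copies the whole build context into the builder stage; keep .git, .env
# files and local credentials out of the context with a .dockerignore.
COPY . .

# Build the final executable.
# CGO_ENABLED=0 creates a statically linked binary (no libc dependency).
# -ldflags="-s -w" strips debug information to minimize the binary size.
RUN CGO_ENABLED=0 GOOS=linux go build \
      -a \
      -installsuffix cgo \
      -ldflags="-s -w" \
      -o /xds-server \
      .

# --- STAGE 2: Create the minimal runtime image ---
# Alpine is kept because it includes basic shell commands (useful for debugging);
# gcr.io/distroless/static is a smaller alternative with no shell.
# The tag is pinned instead of :latest so rebuilds do not silently pick up a
# different base image. For production, additionally pin by digest
# (alpine:3.21@sha256:<digest-of-the-image-you-verified>).
FROM alpine:3.21 AS runtime

# Install ca-certificates again for the final image to handle HTTPS/TLS connections
RUN apk add --no-cache ca-certificates

# Set the working directory for the final application
WORKDIR /app

# Create a non-root system user and group; all root-only steps are done above.
# NOTE(review): the UID/GID are assigned by adduser/addgroup. Orchestrators that
# enforce runAsNonRoot need a numeric USER to verify it - consider fixing the IDs.
RUN addgroup -S appuser && adduser -S -G appuser appuser
USER appuser

# Copy the built binary from the 'builder' stage.
# The binary is the only build artifact that reaches the runtime image.
COPY --from=builder --chown=appuser:appuser /xds-server /usr/local/bin/xds-server

# Document the ports for the xDS server (18000) and the REST API (8080).
# EXPOSE does not publish them; that is done at run time.
EXPOSE 18000
EXPOSE 8080

# ENTRYPOINT is the binary, in exec form so it runs as PID 1 and receives signals.
ENTRYPOINT ["/usr/local/bin/xds-server"]

# CMD holds the default arguments and can be overridden at `docker run`.
# The container runs with nodeID 'proxy' and loads configs from /app/configs.
# No listen flags are passed here, so the binary's own defaults apply
# (NOTE(review): confirm they match the EXPOSEd ports 18000/8080).
# /app/configs is not created or populated by this image: mount it at run time,
# preferably read-only, and readable by appuser.
CMD ["--nodeID", "proxy", "--config-dir", "/app/configs"]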