Last active
February 18, 2024 23:29
-
-
Save Segmentational/de24be895dc4a65a848e5d59005e2367 to your computer and use it in GitHub Desktop.
Optimized GO HTTP Server Dockerfile - Kubernetes, Private VCS Compatible
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # syntax = docker/dockerfile:1.0-experimental | |
| FROM golang:1.22-alpine as BUILD | |
| # ARG NETRCPASSWORD | |
| # ENV NETRCPASSWORD "${NETRCPASSWORD}" | |
| # ENV GOPRIVATE "github.com/example/*" | |
| ENV GOOS "linux" | |
| ENV GOVCS "*:all" | |
| ENV CGO_ENABLED "0" | |
| WORKDIR / | |
| COPY . ./ | |
| # RUN echo "machine github.com" > ~/.netrc | |
| # RUN echo "login Segmentational" >> ~/.netrc | |
| # RUN echo "password ${NETRCPASSWORD}" >> ~/.netrc | |
| RUN apk add --no-cache git | |
| RUN go mod download && go build -ldflags "-s -w" -o /http-api | |
| # --> Prevents shell access | |
| RUN adduser -h "/dev/null" -g "" -s "/sbin/nologin" -D -H -u 10001 api-service-user | |
| FROM scratch as RELEASE | |
| WORKDIR / | |
| COPY --from=BUILD /.env /.env | |
| COPY --from=BUILD /etc/passwd /etc/passwd | |
| COPY --from=BUILD /http-api /usr/local/bin/http-api | |
| COPY --from=BUILD /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt | |
| USER api-service-user | |
| CMD ["http-api"] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Ideal usage would mount a
.netrcas a Docker Secret (for private build dependencies), and the.envas s Kubernetes Secret.