diff --git a/package/Dockerfile.agent b/package/Dockerfile.agent index 9e92b2d0581..a9fdab774cb 100644 --- a/package/Dockerfile.agent +++ b/package/Dockerfile.agent @@ -21,25 +21,52 @@ COPY . . RUN go mod download RUN GOOS=$TARGETOS GOARCH=$TARGETARCH go build -tags "${TAGS}" -ldflags "${LDFLAGS}" -o agent ./cmd/agent -FROM registry.suse.com/bci/bci-base:15.5 + +FROM ${RANCHER_IMAGE} AS rancher + +FROM registry.suse.com/bci/bci-micro:15.5 AS final + +# Temporary build stage image +FROM registry.suse.com/bci/bci-base:15.5 AS builder + +# Install system packages using builder image that has zypper +COPY --from=final / /chroot/ + +# Install some packages with zypper in the chroot of the final micro image +RUN zypper refresh && \ + zypper --installroot /chroot -n in --no-recommends \ + curl util-linux ca-certificates ca-certificates-mozilla jq git-core hostname iproute2 vim-small less \ + bash-completion bind-utils acl openssh-clients tar gzip xz gawk sysstat openssl patterns-base-fips && \ + zypper --installroot /chroot clean -a && \ + rm -rf /chroot/var/cache/zypp/* /chroot/var/log/zypp/* /chroot/tmp/* /chroot/var/tmp/* /chroot/usr/share/doc/packages/* + +# Main stage using bci-micro as the base image +FROM final +ARG ARCH=${ARCH} +ARG VERSION=${VERSION} + +# Copy binaries and configuration files from builder to micro +COPY --from=builder /chroot/ / + +# Test that some of the dependency binaries were copied +# and are working on the target image. +RUN /usr/bin/unshare --version && \ + /usr/bin/mount --version && \ + /usr/bin/umount --version && \ + /usr/bin/nsenter --version ENV KUBECTL_VERSION v1.25.12 -RUN zypper -n install --no-recommends curl ca-certificates jq git-core hostname iproute2 vim-small less \ - bash-completion bind-utils acl openssh-clients tar gzip xz gawk sysstat && \ - zypper -n clean -a && rm -rf /tmp/* /var/tmp/* /usr/share/doc/packages/* && \ - curl -sLf https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl > /usr/bin/kubectl && \ +RUN curl -sLf https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl > /usr/bin/kubectl && \ chmod +x /usr/bin/kubectl ENV LOGLEVEL_VERSION v0.1.6 - RUN curl -sLf https://github.com/rancher/loglevel/releases/download/${LOGLEVEL_VERSION}/loglevel-${ARCH}-${LOGLEVEL_VERSION}.tar.gz | tar xvzf - -C /usr/bin -ARG VERSION=dev LABEL io.cattle.agent true ENV AGENT_IMAGE rancher/rancher-agent:${VERSION} -ENV CATTLE_RANCHER_WEBHOOK_MIN_VERSION='' # For now, this value needs to be manually synced with the one in the main Dockerfile. This pins downstream webhook's version. -ENV CATTLE_RANCHER_WEBHOOK_VERSION=2.0.12+up0.3.12-rc1 +ARG CATTLE_RANCHER_WEBHOOK_VERSION +ENV CATTLE_RANCHER_WEBHOOK_VERSION=$CATTLE_RANCHER_WEBHOOK_VERSION ENV SSL_CERT_DIR /etc/kubernetes/ssl/certs COPY --from=rancher /var/lib/rancher-data /var/lib/rancher-data COPY --from=rancher /usr/bin/tini /usr/bin/