forked from Kuadrant/limitador
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile.aarch64
54 lines (39 loc) · 2.02 KB
/
Dockerfile.aarch64
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
# ------------------------------------------------------------------------------
# Build Stage cross compiling
# ------------------------------------------------------------------------------
# Use bullseye as build image instead of Bookworm as ubi9 does not not have GLIBCXX_3.4.30
# https://access.redhat.com/solutions/6969351
FROM --platform=${BUILDPLATFORM} rust:1.79.0-bullseye as limitador-build
RUN apt update && apt upgrade -y \
&& apt install -y protobuf-compiler clang g++-aarch64-linux-gnu libc6-dev-arm64-cross
RUN rustup target add aarch64-unknown-linux-gnu \
&& rustup toolchain install stable-aarch64-unknown-linux-gnu
WORKDIR /usr/src/limitador
ARG GITHUB_SHA
ENV GITHUB_SHA=${GITHUB_SHA:-unknown}
ENV RUSTFLAGS="-C target-feature=-crt-static" \
CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc \
CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc \
CXX_aarch64_unknown_linux_gnu=aarch64-linux-gnu-g++ \
# https://github.com/rust-lang/rust-bindgen/issues/1229
BINDGEN_EXTRA_CLANG_ARGS="--sysroot=/usr/aarch64-linux-gnu"
COPY . .
RUN cargo build --release --target aarch64-unknown-linux-gnu
# ------------------------------------------------------------------------------
# Run Stage
# ------------------------------------------------------------------------------
FROM registry.access.redhat.com/ubi9/ubi-minimal:9.2
# shadow-utils is required for `useradd`
RUN PKGS="libgcc libstdc++ shadow-utils" \
&& microdnf --assumeyes install --nodocs $PKGS \
&& rpm --verify --nogroup --nouser $PKGS \
&& microdnf -y clean all
RUN useradd -u 1000 -s /bin/sh -m -d /home/limitador limitador
WORKDIR /home/limitador/bin/
ENV PATH="/home/limitador/bin:${PATH}"
COPY --from=limitador-build /usr/src/limitador/limitador-server/examples/limits.yaml ../
COPY --from=limitador-build /usr/src/limitador/target/aarch64-unknown-linux-gnu/release/limitador-server ./limitador-server
RUN chown -R limitador:root /home/limitador \
&& chmod -R 750 /home/limitador
USER limitador
CMD ["limitador-server"]