mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-26 23:37:08 -05:00
Use distroless images for JoinService & KMS
This commit is contained in:
parent
0949393dbb
commit
c51dec6d00
@ -45,9 +45,9 @@ const (
|
|||||||
// These images are built in a way that they support all versions currently listed in VersionConfigs.
|
// These images are built in a way that they support all versions currently listed in VersionConfigs.
|
||||||
KonnectivityAgentImage = "us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-agent:v0.0.32"
|
KonnectivityAgentImage = "us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-agent:v0.0.32"
|
||||||
KonnectivityServerImage = "registry.k8s.io/kas-network-proxy/proxy-server:v0.0.32"
|
KonnectivityServerImage = "registry.k8s.io/kas-network-proxy/proxy-server:v0.0.32"
|
||||||
JoinImage = "ghcr.io/edgelesssys/constellation/join-service:v0.0.2-0.20220905091720-bd6c6ce836af"
|
JoinImage = "ghcr.io/edgelesssys/constellation/join-service:v0.0.2-0.20220909145031-b6c06735c313"
|
||||||
AccessManagerImage = "ghcr.io/edgelesssys/constellation/access-manager:v0.0.1"
|
AccessManagerImage = "ghcr.io/edgelesssys/constellation/access-manager:v0.0.1"
|
||||||
KmsImage = "ghcr.io/edgelesssys/constellation/kmsserver:v0.0.2-0.20220831181049-47d4c9e30423"
|
KmsImage = "ghcr.io/edgelesssys/constellation/kmsserver:v0.0.2-0.20220909145031-b6c06735c313"
|
||||||
VerificationImage = "ghcr.io/edgelesssys/constellation/verification-service:v0.0.2-0.20220831181049-47d4c9e30423"
|
VerificationImage = "ghcr.io/edgelesssys/constellation/verification-service:v0.0.2-0.20220831181049-47d4c9e30423"
|
||||||
GcpGuestImage = "ghcr.io/edgelesssys/gcp-guest-agent:20220713.00"
|
GcpGuestImage = "ghcr.io/edgelesssys/gcp-guest-agent:20220713.00"
|
||||||
NodeOperatorCatalogImage = "ghcr.io/edgelesssys/constellation/node-operator-catalog"
|
NodeOperatorCatalogImage = "ghcr.io/edgelesssys/constellation/node-operator-catalog"
|
||||||
|
@ -25,7 +25,7 @@ WORKDIR /constellation/joinservice
|
|||||||
ARG PROJECT_VERSION=0.0.0
|
ARG PROJECT_VERSION=0.0.0
|
||||||
RUN CGO_ENABLED=0 go build -o join-service -trimpath -buildvcs=false -ldflags "-s -w -buildid='' -X github.com/edgelesssys/constellation/internal/constants.VersionInfo=${PROJECT_VERSION}" ./cmd/
|
RUN CGO_ENABLED=0 go build -o join-service -trimpath -buildvcs=false -ldflags "-s -w -buildid='' -X github.com/edgelesssys/constellation/internal/constants.VersionInfo=${PROJECT_VERSION}" ./cmd/
|
||||||
|
|
||||||
# We would like to use a scratch image here, but we require CA certificates to be installed for aTLS operations on GCP.
|
# Use gcr.io/distroless/static here since we need CA certificates to be installed for aTLS operations on GCP.
|
||||||
FROM fedora@sha256:486fd5578f93fbc57a519e34ad4b7cac927c3f8a95409baedf0c19e9f287c207 as release
|
FROM gcr.io/distroless/static@sha256:d673e44035b1435c88f63c4b7066501e21fe5c6b111cd9ada7d9301f780b2416 as release
|
||||||
COPY --from=build /constellation/joinservice/join-service /joinservice
|
COPY --from=build /constellation/joinservice/join-service /joinservice
|
||||||
ENTRYPOINT [ "/joinservice" ]
|
ENTRYPOINT [ "/joinservice" ]
|
||||||
|
@ -27,7 +27,7 @@ WORKDIR /constellation/kms/cmd
|
|||||||
ARG PROJECT_VERSION=0.0.0
|
ARG PROJECT_VERSION=0.0.0
|
||||||
RUN CGO_ENABLED=0 go build -o /constellation/build/kmsserver -trimpath -buildvcs=false -ldflags "-s -w -buildid='' -X github.com/edgelesssys/constellation/internal/constants.VersionInfo=${PROJECT_VERSION}"
|
RUN CGO_ENABLED=0 go build -o /constellation/build/kmsserver -trimpath -buildvcs=false -ldflags "-s -w -buildid='' -X github.com/edgelesssys/constellation/internal/constants.VersionInfo=${PROJECT_VERSION}"
|
||||||
|
|
||||||
# We would like to use a scratch image here, but we require CA certificates to be installed for aTLS operations on GCP.
|
# Use gcr.io/distroless/static here since we need CA certificates for aTLS operations on GCP.
|
||||||
FROM fedora@sha256:486fd5578f93fbc57a519e34ad4b7cac927c3f8a95409baedf0c19e9f287c207 as release
|
FROM gcr.io/distroless/static@sha256:d673e44035b1435c88f63c4b7066501e21fe5c6b111cd9ada7d9301f780b2416 as release
|
||||||
COPY --from=build /constellation/build/kmsserver /kmsserver
|
COPY --from=build /constellation/build/kmsserver /kmsserver
|
||||||
ENTRYPOINT ["/kmsserver"]
|
ENTRYPOINT ["/kmsserver"]
|
||||||
|
Loading…
x
Reference in New Issue
Block a user