This repository has been archived by the owner on Jul 23, 2021. It is now read-only.
/
Dockerfile
48 lines (36 loc) · 1.85 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
FROM golang:1.16.6 as builder
WORKDIR /go/src/app
COPY . .
RUN go build -ldflags '-w -s' -o /k8spolicy
FROM debian:buster-slim
ENV CONFTEST_VERSION 0.23.0
ENV K8SPOLICY_SKIP_POLICY_DOWNLOAD true
ENV K8SPOLICY_SKIP_CONFTEST_DOWNLOAD true
RUN apt-get update && \
apt-get install -y wget ca-certificates --no-install-recommends && \
apt-get upgrade -y && \
mkdir -p /download /tmp/k8spolicy/policies/k8s-api-deprecation && \
wget https://github.com/swade1987/deprek8ion/archive/master.tar.gz -O /download/deprek8ion.tar.gz && \
tar xzf /download/deprek8ion.tar.gz -C /download && \
cp /download/deprek8ion-master/policies/*.rego /tmp/k8spolicy/policies/k8s-api-deprecation && \
rm -rf /download && \
mkdir -p /download /tmp/k8spolicy/policies/k8s-security/lib && \
wget https://github.com/instrumenta/policies/archive/master.tar.gz -O /download/policies.tar.gz && \
tar xzf /download/policies.tar.gz -C /download && \
cp /download/policies-master/kubernetes/*.rego /tmp/k8spolicy/policies/k8s-security && \
cp /download/policies-master/kubernetes/lib/*.rego /tmp/k8spolicy/policies/k8s-security/lib && \
rm -rf /download && \
mkdir -p /download && \
wget https://github.com/instrumenta/conftest/releases/download/v${CONFTEST_VERSION}/conftest_${CONFTEST_VERSION}_linux_x86_64.tar.gz -O /download/conftest.tar.gz && \
tar xzf /download/conftest.tar.gz -C /download && \
cp /download/conftest /tmp/k8spolicy && \
rm -rf /download && \
apt-get remove -y wget && \
apt-get autoremove -y && \
rm -rf /var/lib/apt/lists/* && \
addgroup --gid 1000 k8spolicy && \
adduser --uid 1000 --gid 1000 --shell /bin/sh --disabled-password --gecos "" k8spolicy && \
chown -R 1000:1000 /tmp/k8spolicy
COPY --from=builder /k8spolicy /usr/local/bin/k8spolicy
USER k8spolicy
ENTRYPOINT ["/usr/local/bin/k8spolicy"]