UNCLASSIFIED

You need to sign in or sign up before continuing.
Dockerfile 1.97 KB
Newer Older
bhearn's avatar
bhearn committed
1 2
ARG BASE_REGISTRY=registry1.dsop.io
ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
sean.melissari's avatar
sean.melissari committed
3
ARG BASE_TAG=8.4
bhearn's avatar
bhearn committed
4

5
# Updated by Renovate
Tim Seagren's avatar
Tim Seagren committed
6
ARG version="1.7.8"
bhearn's avatar
bhearn committed
7

8
FROM istio/proxyv2:${version} AS base
bhearn's avatar
bhearn committed
9

10
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
bhearn's avatar
bhearn committed
11 12

# Copy Envoy bootstrap templates used by pilot-agent
Tim Seagren's avatar
Tim Seagren committed
13
COPY --from=base /var/lib/istio/envoy/envoy_bootstrap_tmpl.json /var/lib/istio/envoy/envoy_bootstrap_tmpl.json
bhearn's avatar
bhearn committed
14 15 16 17 18 19 20 21 22
COPY --from=base /var/lib/istio/envoy/gcp_envoy_bootstrap_tmpl.json /var/lib/istio/envoy/gcp_envoy_bootstrap_tmpl.json

COPY --from=base /sbin/xtables-multi /sbin/iptables* /sbin/ip6tables* /sbin/ip /sbin/
COPY --from=base /usr/lib/x86_64-linux-gnu/xtables/ /usr/lib/x86_64-linux-gnu/xtables
COPY --from=base /usr/lib/x86_64-linux-gnu/ /usr/lib/x86_64-linux-gnu
COPY --from=base /etc/iproute2 /etc/iproute2

WORKDIR /

Tim Seagren's avatar
Tim Seagren committed
23
# Environment variable indicating the exact proxy sha - for debugging or version-specific configs
24 25
# Iron Bank cannot provide a meaningful SHA here, set it to a placeholder value
ENV ISTIO_META_ISTIO_PROXY_SHA=isto-proxy:ironbank
Jeffrey Weatherford's avatar
testing  
Jeffrey Weatherford committed
26
# Environment variable indicating the exact build, for debugging
27
ENV ISTIO_META_ISTIO_VERSION=${version}
Jeffrey Weatherford's avatar
testing  
Jeffrey Weatherford committed
28 29


bhearn's avatar
bhearn committed
30 31 32 33 34 35 36 37 38 39 40 41
# Install Envoy.
COPY --from=base /usr/local/bin/envoy /usr/local/bin/envoy
COPY --from=base /usr/local/bin/pilot-agent /usr/local/bin/pilot-agent
COPY --from=base /var/lib/istio/envoy/envoy_policy.yaml.tmpl /var/lib/istio/envoy/envoy_policy.yaml.tmpl
COPY --from=base /etc/istio/extensions/stats-filter.wasm /etc/istio/extensions/stats-filter.wasm
COPY --from=base /etc/istio/extensions/metadata-exchange-filter.wasm /etc/istio/extensions/metadata-exchange-filter.wasm

RUN useradd -u 1337 istio-proxy && \
    chown -R 1337 /var/lib/istio && \
    chown -R 1337 /etc/istio && \
    dnf update -y && \
    dnf clean all && \
Tim Seagren's avatar
Tim Seagren committed
42
    rm -rf /var/cache/dnf/
bhearn's avatar
bhearn committed
43 44 45 46 47 48 49

EXPOSE 443
###############################################################
# Run as non-root user
USER istio-proxy
###############################################################
ENTRYPOINT ["/usr/local/bin/pilot-agent"]