feat: (IAC-1063) Optimize Dockerfile (#187)

Dockerfile

@@ -3,27 +3,29 @@
 
 ARG TERRAFORM_VERSION=1.4.5
 ARG GCP_CLI_VERSION=428.0.0
-FROM hashicorp/terraform:$TERRAFORM_VERSION as terraform
 
-FROM google/cloud-sdk:$GCP_CLI_VERSION
+FROM hashicorp/terraform:$TERRAFORM_VERSION as terraform
+FROM google/cloud-sdk:$GCP_CLI_VERSION-alpine
 ARG KUBECTL_VERSION=1.25.8
 ARG ENABLE_GKE_GCLOUD_AUTH_PLUGIN=True
+ARG INSTALL_COMPONENTS=""
 
 WORKDIR /viya4-iac-gcp
 
 COPY --from=terraform /bin/terraform /bin/terraform
 COPY . .
 
-RUN apt-get update && apt-get upgrade -y \
-  && apt-get install --no-install-recommends -y jq \
-  && apt-get clean \
-  && rm -rf /var/lib/apt/lists/* \
+RUN apk update \
+  && apk upgrade --no-cache \
+  && apk add --no-cache jq \
   && curl -sLO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl \
   && chmod 755 ./kubectl /viya4-iac-gcp/docker-entrypoint.sh \
   && mv ./kubectl /usr/local/bin/kubectl \
   && chmod g=u -R /etc/passwd /etc/group /viya4-iac-gcp \
   && git config --system --add safe.directory /viya4-iac-gcp \
-  && terraform init
+  && terraform init \
+  && gcloud components install gke-gcloud-auth-plugin alpha beta cloud_sql_proxy $INSTALL_COMPONENTS \
+  && rm -rf /google-cloud-sdk/.install/.backup
 
 ENV TF_VAR_iac_tooling=docker
 ENV USE_GKE_GCLOUD_AUTH_PLUGIN=$ENABLE_GKE_GCLOUD_AUTH_PLUGIN

docs/user/DockerUsage.md

@@ -18,6 +18,19 @@ docker build -t viya4-iac-gcp .
 
 The Docker image `viya4-iac-gcp` will contain Terraform and 'kubectl' executables. The Docker entrypoint for the image is `terraform` that will be run with sub-commands in the subsequent steps.
 
+#### Install Additional gcloud Components
+
+In order to keep our Docker image as light as possible, we opt not to install all the `gcloud` components as that drastically increases the image size. This project currently makes use of `google/cloud-sdk:xxx.0.0-alpine` as the [base image](https://hub.docker.com/r/google/cloud-sdk/tags), which includes a [default set](https://github.com/GoogleCloudPlatform/cloud-sdk-docker#components-installed-in-each-tag) of `gcloud` components. On top of that we also install the `gke-gcloud-auth-plugin`, Cloud SQL Proxy, and the `gcloud` Alpha/Beta Commands. All the `gcloud` components necessary for interacting with the resources created by this project are installed by default. If you require additional `gcloud` components to be present within the Docker image, you can set the `INSTALL_COMPONENTS` build-arg to a space separated list of components IDs.
+
+```bash
+# for a full list components
+gcloud components list
+
+# example: "I additionally want the Cloud Spanner Emulator present in my Docker image"
+docker build --build-arg INSTALL_COMPONENTS="cloud-spanner-emulator" -t viya4-iac-gcp . 
+```
+
+
 ### Service Account Keyfile for GCP Authentication 
 
 Prepare a file with GCP authentication info, as described in [Authenticating Terraform to access GCP](./TerraformGCPAuthentication.md) and store it outside of this repo in a secure file, for example `$HOME/.viya4-tf-gcp-service-account.json`.

linting-configs/.hadolint.yaml

@@ -1,3 +1,3 @@
 ignored:
-  # Specify version with apt-get install -y <package>=<version> : https://github.com/hadolint/hadolint/wiki/DL3008
-  - DL3008
+  # Pin versions in apk add : https://github.com/hadolint/hadolint/wiki/DL3018
+  - DL3018