From 95a3892296b021b674d79614be1ac2758601441e Mon Sep 17 00:00:00 2001 From: Jay Patel <78554593+jarpat@users.noreply.github.com> Date: Fri, 7 Jul 2023 13:19:52 -0400 Subject: [PATCH] feat: (IAC-1063) Optimize Dockerfile (#187) --- Dockerfile | 16 +++++++++------- docs/user/DockerUsage.md | 13 +++++++++++++ linting-configs/.hadolint.yaml | 4 ++-- 3 files changed, 24 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index c9805fd..7b7b213 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,27 +3,29 @@ ARG TERRAFORM_VERSION=1.4.5 ARG GCP_CLI_VERSION=428.0.0 -FROM hashicorp/terraform:$TERRAFORM_VERSION as terraform -FROM google/cloud-sdk:$GCP_CLI_VERSION +FROM hashicorp/terraform:$TERRAFORM_VERSION as terraform +FROM google/cloud-sdk:$GCP_CLI_VERSION-alpine ARG KUBECTL_VERSION=1.25.8 ARG ENABLE_GKE_GCLOUD_AUTH_PLUGIN=True +ARG INSTALL_COMPONENTS="" WORKDIR /viya4-iac-gcp COPY --from=terraform /bin/terraform /bin/terraform COPY . . -RUN apt-get update && apt-get upgrade -y \ - && apt-get install --no-install-recommends -y jq \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* \ +RUN apk update \ + && apk upgrade --no-cache \ + && apk add --no-cache jq \ && curl -sLO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl \ && chmod 755 ./kubectl /viya4-iac-gcp/docker-entrypoint.sh \ && mv ./kubectl /usr/local/bin/kubectl \ && chmod g=u -R /etc/passwd /etc/group /viya4-iac-gcp \ && git config --system --add safe.directory /viya4-iac-gcp \ - && terraform init + && terraform init \ + && gcloud components install gke-gcloud-auth-plugin alpha beta cloud_sql_proxy $INSTALL_COMPONENTS \ + && rm -rf /google-cloud-sdk/.install/.backup ENV TF_VAR_iac_tooling=docker ENV USE_GKE_GCLOUD_AUTH_PLUGIN=$ENABLE_GKE_GCLOUD_AUTH_PLUGIN diff --git a/docs/user/DockerUsage.md b/docs/user/DockerUsage.md index 0e57424..dbe17b7 100644 --- a/docs/user/DockerUsage.md +++ b/docs/user/DockerUsage.md 
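Review bot: The `curl -sLO …/v$KUBECTL_VERSION/bin/linux/amd64/kubectl` step in the rewritten RUN still installs the download into /usr/local/bin with no integrity check. Without `-f`, an HTTP error body would be saved, marked 755 and shipped as `kubectl`. Since this commit already reworks the instruction, I would fail on HTTP errors and verify a digest supplied at build time: `curl -fsSLO …` followed by `&& echo "$KUBECTL_SHA256  kubectl" | sha256sum -c - \`, where `KUBECTL_SHA256` is a new build ARG (placeholder name) carrying the published SHA-256 for the pinned version. Separately, `apk update && apk upgrade --no-cache` ties the package set to the build date, and the `apk update` looks redundant next to `--no-cache` and probably leaves an index cache in the layer. With DL3018 ignored the `jq` version floats too, so consider dropping the upgrade in favour of bumping the base tag, or pinning the base image by digest.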
@@ -18,6 +18,19 @@ docker build -t viya4-iac-gcp . The Docker image `viya4-iac-gcp` will contain Terraform and 'kubectl' executables. The Docker entrypoint for the image is `terraform` that will be run with sub-commands in the subsequent steps. +#### Install Additional gcloud Components + +In order to keep our Docker image as light as possible, we opt not to install all the `gcloud` components as that drastically increases the image size. This project currently makes use of `google/cloud-sdk:xxx.0.0-alpine` as the [base image](https://hub.docker.com/r/google/cloud-sdk/tags), which includes a [default set](https://github.com/GoogleCloudPlatform/cloud-sdk-docker#components-installed-in-each-tag) of `gcloud` components. On top of that we also install the `gke-gcloud-auth-plugin`, Cloud SQL Proxy, and the `gcloud` Alpha/Beta Commands. All the `gcloud` components necessary for interacting with the resources created by this project are installed by default. If you require additional `gcloud` components to be present within the Docker image, you can set the `INSTALL_COMPONENTS` build-arg to a space separated list of components IDs. + +```bash +# for a full list components +gcloud components list + +# example: "I additionally want the Cloud Spanner Emulator present in my Docker image" +docker build --build-arg INSTALL_COMPONENTS="cloud-spanner-emulator" -t viya4-iac-gcp . +``` + + ### Service Account Keyfile for GCP Authentication Prepare a file with GCP authentication info, as described in [Authenticating Terraform to access GCP](./TerraformGCPAuthentication.md) and store it outside of this repo in a secure file, for example `$HOME/.viya4-tf-gcp-service-account.json`. diff --git a/linting-configs/.hadolint.yaml b/linting-configs/.hadolint.yaml index 86b3c37..2055884 100644 --- a/linting-configs/.hadolint.yaml +++ b/linting-configs/.hadolint.yaml 
@@ -1,3 +1,3 @@ ignored: - # Specify version with apt-get install -y = : https://github.com/hadolint/hadolint/wiki/DL3008 - - DL3008 + # Pin versions in apk add : https://github.com/hadolint/hadolint/wiki/DL3018 + - DL3018
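Review bot: Ignoring DL3018 in this config turns off version-pin checking for every `apk add` linted with it, not only the `jq` install this commit introduces. If an unpinned `jq` is an accepted trade-off, an inline `# hadolint ignore=DL3018` directly above that RUN in the Dockerfile would scope the exception to the one instruction and keep the rule active elsewhere. Whether other Dockerfiles are linted with this file is not visible here.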