Erisa/cloudflared-docker

Dockerfile optimizations

Closed this issue · 1 comments

# Stage 1: Build container
# Use a specific Golang version and Alpine Linux as the base image
ARG GOVERSION=1.20.12
ARG ALPINEVERSION=3.19

FROM --platform=${BUILDPLATFORM} \
    golang:$GOVERSION-alpine${ALPINEVERSION} AS build

# Set the working directory for the build
WORKDIR /src

# Install necessary dependencies for building
RUN apk --no-cache -U add git build-base curl jq

# Fetch the latest release version using GitHub API
RUN VERSION=$(curl -s https://api.github.com/repos/cloudflare/cloudflared/releases/latest | jq -r .tag_name) \
    && git clone https://github.com/cloudflare/cloudflared --depth=1 --branch ${VERSION} .

# Build the cloudflared binary for Linux amd64
ARG TARGETOS
ARG TARGETARCH
RUN GO111MODULE=on CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} make cloudflared

# Stage 2: Runtime container
FROM scratch

# Copy the built cloudflared binary and required files
COPY --from=build /src/cloudflared .
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

# Copy curl binary from a docker image
COPY --from=ghcr.io/tarampampam/curl /bin/curl /bin/curl

# Set environment variable for the cloudflared origin certificate
ENV TUNNEL_ORIGIN_CERT=/etc/cloudflared/cert.pem
ENTRYPOINT ["/cloudflared", "--no-autoupdate"]
CMD ["version"]
  1. Added comments everywhere to clarify what happens.
  2. Added -U flag in apk install command. This flag updates the package index before adding or upgrading packages. It ensures that the latest information about available packages is used.
  3. Moved GO111MODULE=on and CGO_ENABLED=0 into the RUN command to remove one layer.
  4. Instead of setting the latest release version manually, the latest version tag is automatically used. Added jq package in apk command for this.
  5. Removed WORKDIR / layer in the runtime container because it is not needed. Workdir is automatically set to /.
  6. Added curl as static binary to enable using curl for native healthchecks in docker (needs to be tested further before implementing)
Erisa commented

Please see the review comments in #20