/gowhale

🐳 Docker image to compile and safely run a Go project in a scratch environment

Primary LanguageDockerfileGNU General Public License v3.0GPL-3.0

🐳 gowhale

Release License

A simple Docker image for compiling and running a generic Go project. It uses the Alpine-flavoured Golang image to compile the project into a binary, and a minimal scratch image to run the program without root privileges and overhead.

🔌 Usage

You can create a minimal Dockerfile to use gowhale with your project, like this one that's also listed in the example directory.

FROM zakcutner/gowhale:builder as builder
FROM zakcutner/gowhale

# Copy the app binary generated by the builder.
COPY --from=builder /usr/bin/app /usr/bin/app

Once the Dockerfile has been built, you are left with a scratch image that will run your binary, called app, with the app user. Certificates from Alpine Linux are also copied into the scratch image for use with TLS.

By default, app will simply be run with no arguments, you can override CMD using Docker's run command. There is also similar functionality for users of Docker Compose.

$ docker run gopher:latest foo bar baz

Note that by default, you cannot bind any ports below 1024 because the binary is run without root privileges. If you wish to change this behaviour, you can use the sysctl flag to allow any port to be used. Again, there is a similar configuration option to achieve this in Docker Compose.

$ docker run --sysctl net.ipv4.ip_unprivileged_port_start=0 gopher:latest

🙌 Attributions

Inspiration has been taken from the official Docker image for the Caddy web server. Thanks also to this Moby issue for providing the solution to binding low port numbers without root access.

💪 Contributions

If you have any suggestions for how this project could be improved, please create an issue or even submit a pull request. I am open to new ideas and I will try to respond quickly to contributions!