forked from yylt/build
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile-istio
51 lines (42 loc) · 1.57 KB
/
Dockerfile-istio
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
FROM ubuntu:jammy
ARG TARGETOS TARGETARCH TARGETPLATFORM VERSION
ENV ISTIO_META_ISTIO_VERSION=$VERSION
ENV DEBIAN_FRONTEND=noninteractive
# Do not add more stuff to this list that isn't small or critically useful.
# If you occasionally need something on the container do
# sudo apt-get update && apt-get whichever
# hadolint ignore=DL3005,DL3008
RUN apt-get update && \
apt-get install --no-install-recommends -y \
ca-certificates \
curl \
iptables \
iproute2 \
iputils-ping \
knot-dnsutils \
netcat \
tcpdump \
conntrack \
bsdmainutils \
net-tools \
kmod \
lsof \
sudo \
&& update-ca-certificates \
&& apt-get upgrade -y \
&& apt-get clean \
&& rm -rf /var/log/*log /var/lib/apt/lists/* /var/log/apt/* /var/lib/dpkg/*-old /var/cache/debconf/*-old \
&& update-alternatives --set iptables /usr/sbin/iptables-legacy \
&& update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy && \
useradd -m --uid 1337 istio-proxy && \
echo "istio-proxy ALL=NOPASSWD: ALL" >> /etc/sudoers
COPY linux_$TARGETARCH/pilot-agent /usr/local/bin/pilot-agent
COPY envoy_bootstrap.json /var/lib/istio/envoy/envoy_bootstrap_tmpl.json
COPY linux_$TARGETARCH/envoy /usr/local/bin/envoy
# copy wasm plugin from image
# copy --from=extension /metadata_exchange.compiled.wasm /etc/istio/extensions/
# copy --from=extension /metadata_exchange.wasm /etc/istio/extensions/
# copy --from=extension /stats.compiled.wasm /etc/istio/extensions/
# copy --from=extension /stats.wasm /etc/istio/extensions/
# The pilot-agent will bootstrap Envoy.
ENTRYPOINT ["/usr/local/bin/pilot-agent"]