From 24346152589237b142943c1f49f1fbad7c5225d4 Mon Sep 17 00:00:00 2001
From: Markus Pesch
Date: Fri, 7 Jul 2023 14:04:07 +0200
Subject: [PATCH] feat: multi-stage build for container image

Adapt the Makefile and Dockerfile for a multi-stage build of the container image. It is now not anymore required to have go locally installed to build the container image. Inside the multi-stage build, the newly create make install command will be executed. The compbiled files will than be copied to a new base image with less dependencies. Further improvement would be to use instead of debian:10 scratch, because the application does not have any C dependencies (CGO_ENABLED=0). Additionally it is not possible to build the container image with alternative container runtimes like podman instead of docker. make build/container-image CONTAINER_RUNTIME=podman The used base image names are now defined as fully qualified image names (with registry host), to support local container registry mirror configurations.
---
 Dockerfile | 23 ++++++++++++++++-------
 Makefile | 22 ++++++++++++++--------
 prometheus-fail2ban-exporter => env | 0
 systemd/systemd.service | 4 ++--
 4 files changed, 32 insertions(+), 17 deletions(-)
 rename prometheus-fail2ban-exporter => env (100%)

diff --git a/Dockerfile b/Dockerfile
index 1955792..9959a07 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,10 +1,19 @@
-FROM debian:buster-slim
+FROM docker.io/library/golang:1.20.5-buster AS build
 
-# Create main app folder to run from
-WORKDIR /app
+WORKDIR /workspace
+ADD . /workspace
 
-# Copy compiled binary to release image
-# (must build the binary before running docker build)
-COPY fail2ban_exporter /app/fail2ban_exporter
+RUN apt update --yes && \
+ apt install --yes build-essential && \
+ make install \
+ PREFIX=/usr \
+ DESTDIR=/app \
+ EXECUTABLE=fail2ban_exporter
 
-ENTRYPOINT ["/app/fail2ban_exporter"]
+FROM docker.io/library/debian:10-slim
+
+COPY --from=build /app /
+
+EXPOSE 9191
+
+ENTRYPOINT [ "/usr/bin/fail2ban_exporter" ]
diff --git a/Makefile b/Makefile
index ed459f7..6b0be1a 100644
--- a/Makefile
+++ b/Makefile
@@ -2,6 +2,8 @@ DESTDIR?=
 PREFIX?=/usr/local
 EXECUTABLE?=fail2ban_exporter
 
+CONTAINER_RUNTIME?=$(shell which docker)
+
 # List make commands
 .PHONY: ls
 ls:
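Review bot: `ADD . /workspace` brings the whole build context into the build stage, and `make install` then places the repository's `env` file under `/app/etc/conf.d/`, which `COPY --from=build /app /` carries into the final image together with the systemd unit. The Makefile describes that file as protecting optional basic auth credentials, so a locally edited `env` would end up in a published image layer; copying only the binary, `COPY --from=build /app/usr/bin/fail2ban_exporter /usr/bin/fail2ban_exporter`, avoids that, and `COPY . /workspace` backed by a `.dockerignore` is the conventional form for the first line. The final stage also sets no `USER`, so the exporter runs as root unless the deployment overrides it; whether it can drop privileges presumably depends on how it reaches fail2ban, which is not visible here.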
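Review bot: `CONTAINER_RUNTIME?=$(shell which docker)` expands to an empty string on a host without docker, so `build/container-image` would run `build --tag …` and fail with an unrelated error. A plain default, `CONTAINER_RUNTIME?=docker`, leaves the lookup to the shell's PATH, gives a clear "command not found" message, and still accepts the `CONTAINER_RUNTIME=podman` override described in the commit message.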
@@ -54,21 +56,25 @@ build:
 -o ${EXECUTABLE} \
 exporter.go
 
-# Build project docker container
-.PHONY: build/docker
-build/docker: build
- docker build -t ${EXECUTABLE} .
+# build container-image
+.PHONY: build/container-image
+build/container-image:
+ ${CONTAINER_RUNTIME} build \
+ --tag ${EXECUTABLE} \
+ .
 
 .PHONY: install
 install: build
- install -D --mode 0644 systemd/systemd.service ${DESTDIR}/usr/lib/systemd/system/${EXECUTABLE}.service
+ mkdir --parents ${DESTDIR}/usr/lib/systemd/system
+ sed -e "s/EXECUTABLE/${EXECUTABLE}/gm" systemd/systemd.service > ${DESTDIR}/usr/lib/systemd/system/${EXECUTABLE}.service
+ chmod 0644 ${DESTDIR}/usr/lib/systemd/system/${EXECUTABLE}.service
 
- install -D --mode 0755 --target-directory ${DESTDIR}${PREFIX}/bin/${EXECUTABLE} ${EXECUTABLE}
+ install -D --mode 0755 --target-directory ${DESTDIR}${PREFIX}/bin ${EXECUTABLE}
 
 # NOTE: Set restrict file permissions by default to protect optional basic auth credentials
- install -D --mode 0600 --target-directory ${DESTDIR}/etc/conf.d ${EXECUTABLE}
+ install -D --mode 0600 env ${DESTDIR}/etc/conf.d/${EXECUTABLE}
 
- install -D --mode 0755 --target-directory ${DESTDIR}${PREFIX}/share/licenses/LICENSE LICENSE
+ install -D --mode 0755 --target-directory ${DESTDIR}${PREFIX}/share/licenses/${EXECUTABLE} LICENSE
 
 .PHONY: uninstall
 uninstall:
diff --git a/prometheus-fail2ban-exporter b/env
similarity index 100%
rename from prometheus-fail2ban-exporter
rename to env
diff --git a/systemd/systemd.service b/systemd/systemd.service
index 7b3917b..1622c9f 100644
--- a/systemd/systemd.service
+++ b/systemd/systemd.service
@@ -4,8 +4,8 @@ Requires=network-online.target
 After=network-online.target
 
 [Service]
-EnvironmentFile=/etc/conf.d/prometheus-fail2ban-exporter
-ExecStart=/usr/bin/prometheus-fail2ban-exporter
+EnvironmentFile=/etc/conf.d/EXECUTABLE
+ExecStart=/usr/bin/EXECUTABLE
 ExecReload=/bin/kill -HUP $MAINPID
 Restart=on-failure
 RestartSec=5s
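Review bot: In the `install` recipe, `sed -e "s/EXECUTABLE/${EXECUTABLE}/gm"` interpolates the make variable directly into the sed program, so a value containing `/` or `&` breaks the command or alters the replacement, and the bare word `EXECUTABLE` matches anywhere in the unit file. A delimited placeholder is more robust, for example `sed -e "s|@EXECUTABLE@|${EXECUTABLE}|g"` with `@EXECUTABLE@` in `systemd/systemd.service`; the `m` flag is a GNU extension and adds nothing to a per-line substitution. Because the output goes through a shell redirect, a failing `sed` still leaves a truncated unit file at the destination. The LICENSE file is still installed with `--mode 0755`, where `0644` is the usual mode for a non-executable file.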
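Review bot: `ExecStart=/usr/bin/EXECUTABLE` keeps the directory fixed at `/usr/bin`, while the Makefile in this patch installs the binary to `${DESTDIR}${PREFIX}/bin` and the visible default is `PREFIX?=/usr/local`, so a plain `make install` would produce a unit whose ExecStart path does not exist. Templating the prefix as well keeps the two in step, for instance `ExecStart=@PREFIX@/bin/EXECUTABLE` with a second `-e "s|@PREFIX@|${PREFIX}|g"` expression in the install recipe. The `[Service]` section may continue beyond the hunk, so directives outside these lines are not covered by this note.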