diff --git a/cmd/fluent-manager/Dockerfile b/cmd/fluent-manager/Dockerfile index 597b43c6a..31373b396 100644 --- a/cmd/fluent-manager/Dockerfile +++ b/cmd/fluent-manager/Dockerfile @@ -16,7 +16,7 @@ COPY controllers controllers/ COPY pkg pkg/ # Build -RUN CGO_ENABLED=0 GO111MODULE=on go build -a -o manager main.go +RUN CGO_ENABLED=0 GO111MODULE=on go build -buildmode=pie -trimpath -a -o manager main.go # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details diff --git a/cmd/fluent-watcher/fluentbit/Dockerfile b/cmd/fluent-watcher/fluentbit/Dockerfile index 2411c64f1..d9acf89d4 100644 --- a/cmd/fluent-watcher/fluentbit/Dockerfile +++ b/cmd/fluent-watcher/fluentbit/Dockerfile @@ -4,7 +4,7 @@ RUN mkdir -p /code COPY . /code/ WORKDIR /code RUN echo $(ls -al /code) -RUN CGO_ENABLED=0 go build -ldflags '-w -s' -o /fluent-bit/fluent-bit /code/cmd/fluent-watcher/fluentbit/main.go +RUN CGO_ENABLED=0 go build -buildmode=pie -trimpath -ldflags '-w -s' -o /fluent-bit/fluent-bit /code/cmd/fluent-watcher/fluentbit/main.go FROM fluent/fluent-bit:1.9.9 LABEL Description="Fluent Bit docker image" Vendor="Fluent" Version="1.0" diff --git a/cmd/fluent-watcher/fluentd/Dockerfile.amd64 b/cmd/fluent-watcher/fluentd/Dockerfile.amd64 index 68dcb5b1b..c57307615 100644 --- a/cmd/fluent-watcher/fluentd/Dockerfile.amd64 +++ b/cmd/fluent-watcher/fluentd/Dockerfile.amd64 @@ -5,7 +5,7 @@ RUN mkdir -p /code COPY . /code/ WORKDIR /code RUN echo $(ls -al /code) -RUN CGO_ENABLED=0 go build -ldflags '-w -s' -o /fluentd/fluentd-watcher /code/cmd/fluent-watcher/fluentd/main.go +RUN CGO_ENABLED=0 go build -buildmode=pie -trimpath -ldflags '-w -s' -o /fluentd/fluentd-watcher /code/cmd/fluent-watcher/fluentd/main.go # Fluentd main image FROM alpine:3.13 diff --git a/cmd/fluent-watcher/fluentd/Dockerfile.arm64 b/cmd/fluent-watcher/fluentd/Dockerfile.arm64 index 975bc2c5b..2fcab3e4c 100644 --- a/cmd/fluent-watcher/fluentd/Dockerfile.arm64 +++ b/cmd/fluent-watcher/fluentd/Dockerfile.arm64 @@ -5,9 +5,9 @@ RUN mkdir -p /code COPY . /code/ WORKDIR /code RUN echo $(ls -al /code) -RUN CGO_ENABLED=0 go build -ldflags '-w -s' -o /fluentd/fluentd-watcher /code/cmd/fluent-watcher/fluentd/main.go +RUN CGO_ENABLED=0 go build -buildmode=pie -trimpath -ldflags '-w -s' -o /fluentd/fluentd-watcher /code/cmd/fluent-watcher/fluentd/main.go -# To set multiarch build for Docker hub automated build. +# To set multiarch build -buildmode=pie -trimpath for Docker hub automated build. FROM golang:alpine AS builderqemu WORKDIR /go ENV QEMU_DOWNLOAD_SHA256 5db25cccb40ac7b1ca857653b883376b931d91b06ff34ffe70dcf6180bd07bb8 diff --git a/cmd/fluent-watcher/fluentd/Dockerfile.arm64.base b/cmd/fluent-watcher/fluentd/Dockerfile.arm64.base index dc5a9259a..28bc50248 100644 --- a/cmd/fluent-watcher/fluentd/Dockerfile.arm64.base +++ b/cmd/fluent-watcher/fluentd/Dockerfile.arm64.base @@ -1,4 +1,4 @@ -# To set multiarch build for Docker hub automated build. +# To set multiarch build -buildmode=pie -trimpath for Docker hub automated build. FROM golang:alpine AS builderqemu WORKDIR /go ENV QEMU_DOWNLOAD_SHA256 5db25cccb40ac7b1ca857653b883376b931d91b06ff34ffe70dcf6180bd07bb8 diff --git a/cmd/fluent-watcher/fluentd/Dockerfile.arm64.quick b/cmd/fluent-watcher/fluentd/Dockerfile.arm64.quick index e89eefe62..8062c53ec 100644 --- a/cmd/fluent-watcher/fluentd/Dockerfile.arm64.quick +++ b/cmd/fluent-watcher/fluentd/Dockerfile.arm64.quick @@ -5,7 +5,7 @@ RUN mkdir -p /code COPY . /code/ WORKDIR /code RUN echo $(ls -al /code) -RUN CGO_ENABLED=0 go build -ldflags '-w -s' -o /fluentd/fluentd-watcher /code/cmd/fluent-watcher/fluentd/main.go +RUN CGO_ENABLED=0 go build -buildmode=pie -trimpath -ldflags '-w -s' -o /fluentd/fluentd-watcher /code/cmd/fluent-watcher/fluentd/main.go # Fluentd main image FROM kubesphere/fluentd:v1.14.6-arm64-base diff --git a/docs/best-practice/forwarding-logs-via-http/Dockerfile b/docs/best-practice/forwarding-logs-via-http/Dockerfile index f6fb2b81d..a2f2c6f82 100644 --- a/docs/best-practice/forwarding-logs-via-http/Dockerfile +++ b/docs/best-practice/forwarding-logs-via-http/Dockerfile @@ -3,7 +3,7 @@ FROM golang:1.19.1 as builder WORKDIR / COPY main.go /go/src/main.go -RUN CGO_ENABLED=0 go build /go/src/main.go +RUN CGO_ENABLED=0 go build -buildmode=pie -trimpath /go/src/main.go # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details