diff --git a/Dockerfile b/Dockerfile index bdfe4a6b33cb..b241f71f97af 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,6 +17,10 @@ # Build the manager binary # Run this with docker build --build-arg builder_image= ARG builder_image + +# Build architecture +ARG ARCH + FROM ${builder_image} as builder WORKDIR /workspace @@ -55,7 +59,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \ -o manager ${package} # Production image -FROM gcr.io/distroless/static:nonroot +FROM --platform=${ARCH} gcr.io/distroless/static:nonroot WORKDIR / COPY --from=builder /workspace/manager . # Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies diff --git a/cmd/clusterctl/Dockerfile b/cmd/clusterctl/Dockerfile index 0e3459a9f6a6..e11fd89062a2 100644 --- a/cmd/clusterctl/Dockerfile +++ b/cmd/clusterctl/Dockerfile @@ -17,6 +17,10 @@ # Build the clusterctl binary # Run this with docker build --build-arg builder_image= ARG builder_image + +# Build architecture +ARG ARCH + FROM ${builder_image} as builder WORKDIR /workspace @@ -55,7 +59,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \ -o clusterctl ${package} # Production image -FROM gcr.io/distroless/static:nonroot +FROM --platform=${ARCH} gcr.io/distroless/static:nonroot WORKDIR / COPY --from=builder /workspace/clusterctl . # Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies diff --git a/test/extension/Dockerfile b/test/extension/Dockerfile index b8adf471ef9e..4cf92f5d3c89 100644 --- a/test/extension/Dockerfile +++ b/test/extension/Dockerfile @@ -17,6 +17,10 @@ # Build the extension binary # Run this with docker build --build-arg builder_image= ARG builder_image + +# Build architecture +ARG ARCH + FROM ${builder_image} as builder WORKDIR /workspace @@ -58,7 +62,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \ -o /workspace/extension ${package} # Production image -FROM gcr.io/distroless/static:nonroot +FROM --platform=${ARCH} gcr.io/distroless/static:nonroot WORKDIR / COPY --from=builder /workspace/extension . # Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies diff --git a/test/infrastructure/docker/Dockerfile b/test/infrastructure/docker/Dockerfile index 41a47971c3fc..7ecdb79db6d7 100644 --- a/test/infrastructure/docker/Dockerfile +++ b/test/infrastructure/docker/Dockerfile @@ -16,6 +16,10 @@ # Run this with docker build --build-arg builder_image= ARG builder_image + +# Build architecture +ARG ARCH + FROM ${builder_image} as builder # Run this with docker build --build-arg goproxy=$(go env GOPROXY) to override the goproxy @@ -52,13 +56,16 @@ COPY . . # Essentially, change directories into CAPD WORKDIR /workspace/test/infrastructure/docker +# Build +ARG ARCH + # Build the CAPD manager using the compiler cache folder RUN --mount=type=cache,target=/root/.cache/go-build \ --mount=type=cache,target=/go/pkg/mod \ CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} go build -trimpath -a -o /workspace/manager main.go # NOTE: CAPD can't use non-root because docker requires access to the docker socket -FROM gcr.io/distroless/static:latest +FROM --platform=${ARCH} gcr.io/distroless/static:latest WORKDIR / COPY --from=builder /workspace/manager .