Dockerfile.google
# This Dockerfile is multi-target. Use DOCKER_BUILDKIT=1 when building and reference the target:
# --target=vendor with -o <host local path> to build an image with the generated dependencies to copy and vendor on demand.
# --target=app to build the actual application image.
#
# Every base image is injected through the ARGs below, so each one can be
# overridden with --build-arg.
# For lack of another official Google Node.js image, we use the serverless project
# images to build the Prometheus frontend (https://cloud.google.com/docs/buildpacks/base-images).
# Where a reference carries both a tag and a digest, the digest selects the
# image; the tag is informational only.
ARG IMAGE_BUILD_NODEJS=us-central1-docker.pkg.dev/serverless-runtimes/google-22/runtimes/nodejs22:latest@sha256:9e88442205b4c956ca4996c2be626db6ef412043182cdd620e741d0d5e14b6a6
ARG IMAGE_BUILD_GO=google-go.pkg.dev/golang:1.24.12@sha256:a2a2c582213a44e1b8617bfa310e7a3aa8712f5480793b58aa53e57711ea111f
# NOTE(review): unlike the other three references, this one has no @sha256
# digest, so the :debug tag can resolve to different content between builds.
# The appbase stage built from it runs two RUN steps with the image's busybox
# shell and contributes files to the final image; pinning it by digest would
# make every input of this build immutable.
ARG IMAGE_BASE_DEBUG=gcr.io/distroless/base-nossl-debian12:debug
ARG IMAGE_BASE=gke.gcr.io/gke-distroless/libc:gke_distroless_20260107.00_p0@sha256:76d0dfed4a2148e2c5d2f2c3aae5fc4f2f2ab9ccd842994359ee982a24cb22de
# Go toolchain stage. It is the parent of the govendor and buildbase stages and
# the source of the Go tree copied into nodebase.
FROM ${IMAGE_BUILD_GO} AS gobase
WORKDIR /workspace
# Verify early if we have all we need.
RUN go version
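# Node.js stage with Go, make, git and bzip2 added. It is the parent of the
# nodevendor and assets stages.
FROM ${IMAGE_BUILD_NODEJS} AS nodebase
WORKDIR /workspace
# Switch to root, as the image normally runs as the underprivileged www-data user.
# For build stages this is fine and keeps the scripts simpler; the final image
# (--target=app) is built from a different base and sets its own USER.
USER root
# Go, make, git and bzip2 are needed in the Prometheus vendor and build steps; take Go
# from gobase, the rest from apt.
# COPY of a directory copies its contents, so the destination must be
# /usr/local/go/ for the toolchain to land where the PATH entry below points
# (and to keep Go's tree from being merged into /usr/local itself).
COPY --from=gobase /usr/local/go /usr/local/go/
ENV PATH="/usr/local/go/bin:${PATH}"
# update and install share one layer so that a cached, stale package index is
# never paired with a later install; the index is dropped in the same layer.
RUN apt-get update && \
    apt-get -y install \
      bzip2 \
      git \
      make && \
    rm -rf /var/lib/apt/lists/*
# Verify early if we have all we need.
RUN npm version
RUN make -v
RUN git --version
RUN bzip2 --version
RUN go version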
# --target=vendor
# Generates the Go vendor/ directory from the module files in the build context.
FROM gobase AS govendor
# NOTE(review): this copies the whole build context into the stage; presumably a
# .dockerignore keeps credentials and local artefacts out of it - confirm.
COPY . ./
RUN go mod vendor
# Installs the UI (npm) dependencies so they can be exported by the vendor stage.
FROM nodebase AS nodevendor
COPY . ./
# On the nodebase image NODE_ENV is set to production, which makes npm install
# omit devDependencies. That would normally be preferred (far fewer packages
# vendored, and no exposure to vulnerabilities in test-only dependencies), but
# Prometheus currently needs some devDependencies for a normal build too, e.g.
# @lezer/generator (custom build script), rollup, tsc (TypeScript) and probably more.
# Installing those manually later on is error-prone, especially across
# different Prometheus versions.
# TODO(bwplotka): Consider moving those deps in upstream to non-dev lists.
ENV NODE_ENV="development"
# NOTE(review): presumably runs npm install for the UI workspaces; if so, package
# lifecycle scripts execute as root in this stage - confirm whether that is needed.
RUN make ui-install
# Export-only stage: it holds nothing but the generated dependency trees, meant
# to be written to the host with --target=vendor -o <host local path>.
FROM scratch AS vendor
COPY --from=govendor /workspace/vendor vendor
COPY --from=nodevendor /workspace/web/ui/node_modules web/ui/node_modules
COPY --from=nodevendor /workspace/web/ui/module/codemirror-promql/node_modules web/ui/module/codemirror-promql/node_modules
COPY --from=nodevendor /workspace/web/ui/react-app/node_modules web/ui/react-app/node_modules
# --target=app
# Compile the UI assets.
FROM nodebase AS assets
# The build context is expected to already contain the vendored dependencies
# produced by --target=vendor; nothing is installed in this stage.
COPY . ./
# Only build the UI but don't run ui-install; deps should be installed in a separate step (--target=vendor).
RUN make ui-build
RUN scripts/compress_assets.sh
# The app stage copies /workspace/npm_licenses.tar.bz2 from this stage;
# presumably this target is what creates it.
RUN make npm_licenses
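# Build the actual Go binaries: prometheus, promtool and prw2gcm.
FROM gobase AS buildbase
COPY --from=assets /workspace ./
# BuildKit's automatic platform arguments live in the global scope and expand to
# an empty string inside a stage unless they are re-declared there. They are
# needed for GOARCH/GOOS below and for the arm64 check in the RUN step.
ARG BUILDARCH
ARG TARGETARCH
ARG TARGETOS
# boringcrypto links the BoringCrypto module through cgo, hence CGO_ENABLED=1
# and the need for a C compiler that matches the target architecture.
ENV GOEXPERIMENT=boringcrypto
ENV CGO_ENABLED=1
ENV GOFIPS140=off
# Never let the go command fetch another toolchain; build only with the Go
# version shipped in the pinned builder image.
ENV GOTOOLCHAIN=local
ENV GOARCH=${TARGETARCH}
ENV GOOS=${TARGETOS}
# -mod=vendor makes the build use the vendored tree from the build context
# instead of downloading modules.
# In the arm64 branch every step is chained with && so that a failed package
# install stops the build, the package index is refreshed before installing,
# and CC is exported because a plain shell assignment would not reach the
# go build child processes.
# The ldflags are computed once so all three binaries carry the same BuildDate.
# NOTE(review): BuildDate comes from the wall clock, so the binaries are not
# bit-for-bit reproducible.
RUN if [ "${TARGETARCH}" = "arm64" ] && [ "${BUILDARCH}" != "arm64" ]; then \
      apt-get update && \
      apt-get install -y --no-install-recommends \
        gcc-aarch64-linux-gnu \
        libc6-dev-arm64-cross && \
      rm -rf /var/lib/apt/lists/* && \
      export CC=aarch64-linux-gnu-gcc; \
    fi && \
    ldflags="-X github.com/prometheus/common/version.Version=$(cat VERSION) -X github.com/prometheus/common/version.BuildDate=$(date --iso-8601=seconds)" && \
    go build \
      -tags builtinassets -mod=vendor \
      -ldflags="${ldflags}" \
      ./cmd/prometheus && \
    go build \
      -mod=vendor \
      -ldflags="${ldflags}" \
      ./cmd/promtool && \
    go build \
      -mod=vendor \
      -ldflags="${ldflags}" \
      ./google/cmd/prw2gcm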
# Configure the distroless base image like the upstream Prometheus image.
# Since the directory and symlink setup needs shell access, we need yet another
# intermediate stage.
# NOTE(review): IMAGE_BASE_DEBUG defaults to a tag without a digest, and the
# busybox shell from that image runs the two RUN steps below. Only the resulting
# files are copied into the app stage, not the shell itself.
FROM ${IMAGE_BASE_DEBUG} AS appbase
COPY documentation/examples/prometheus.yml /etc/prometheus/prometheus.yml
COPY console_libraries/ /usr/share/prometheus/console_libraries/
COPY consoles/ /usr/share/prometheus/consoles/
# Exec form with an explicit shell path; links both console directories into /etc/prometheus/.
RUN ["/busybox/sh", "-c", "ln -s /usr/share/prometheus/console_libraries /usr/share/prometheus/consoles/ /etc/prometheus/"]
# Empty directory that the app stage copies and uses as the TSDB storage path.
RUN ["/busybox/sh", "-c", "mkdir -p /prometheus"]
# Final runtime image: the three binaries plus configuration, consoles and
# licence files on top of the digest-pinned distroless libc base.
FROM ${IMAGE_BASE} AS app
# The binaries are copied without --chown, i.e. with COPY's default root ownership.
COPY --from=buildbase /workspace/prometheus /bin/prometheus
COPY --from=buildbase /workspace/promtool /bin/promtool
COPY --from=buildbase /workspace/prw2gcm /bin/prw2gcm
# NOTE(review): the configuration directory is owned by the runtime user, so the
# Prometheus process can modify its own prometheus.yml. Confirm that this is
# required; otherwise consider root ownership here or a read-only mount at deploy time.
COPY --from=appbase --chown=nobody:nobody /etc/prometheus /etc/prometheus
# TSDB storage path (see --storage.tsdb.path below), owned by the runtime user.
COPY --from=appbase --chown=nobody:nobody /prometheus /prometheus
# Console templates and libraries keep the default (root) ownership.
COPY --from=appbase /usr/share/prometheus /usr/share/prometheus
COPY LICENSE /LICENSE
COPY NOTICE /NOTICE
COPY --from=assets /workspace/npm_licenses.tar.bz2 /npm_licenses.tar.bz2
# Drop root for the running container.
USER nobody
# Documentation only; publishing the port is a deployment decision.
EXPOSE 9090
# Declared after /prometheus has been copied in with its ownership set.
VOLUME [ "/prometheus" ]
# Exec form: prometheus runs as PID 1 and receives stop signals directly.
ENTRYPOINT [ "/bin/prometheus" ]
# Default arguments; they can be replaced at run time without touching the entrypoint.
CMD [ "--config.file=/etc/prometheus/prometheus.yml", \
"--storage.tsdb.path=/prometheus", \
"--web.console.libraries=/usr/share/prometheus/console_libraries", \
"--web.console.templates=/usr/share/prometheus/consoles" ]