~bitfehler/k8s.sr.ht

4762f9045bd32c7fe5f8e760a7cd4ee9737c7622 — Drew DeVault 1 year, 2 months ago e36b6b2
redis: rewrite Containerfile
2 files changed, 48 insertions(+), 9 deletions(-)

A redis/Containerfile
D redis/Dockerfile
A redis/Containerfile => redis/Containerfile +48 -0
@@ 0,0 1,48 @@
FROM alpine:3.18

# alpine-sdk: build essentials
# linux-headers & openssl-dev: redis build dependencies
# tcl procps: redis test dependencies
RUN apk --no-cache add \
	alpine-sdk linux-headers openssl-dev \
	tcl procps
RUN wget https://download.redis.io/releases/redis-7.2.1.tar.gz \
	&& tar -xf redis-7.2.1.tar.gz \
	&& cd redis-7.2.1 \
	&& CFLAGS="-DUSE_MALLOC_USABLE_SIZE -O2 -flto=auto" \
	   make USE_JEMALLOC=no MALLOC=libc BUILD_TLS=yes all \
	&& make test \
	&& make install

RUN adduser -Dh/data -s/sbin/nologin -u1000 redis

FROM scratch

COPY --from=0 /usr/local/bin/redis-server /bin/
COPY --from=0 /etc/ssl /etc/ssl
COPY --from=0 /lib/libssl.so.* /lib/
COPY --from=0 /lib/libcrypto.so.* /lib/
COPY --from=0 /lib/libc.musl-x86_64.so.* /lib/
COPY --from=0 /lib/ld-musl-x86_64.so.1 /lib/

# Add temporary files to facilitate the remaining steps
COPY --from=0 /bin/busybox /bin/
COPY --from=0 /bin/chown /bin/
COPY --from=0 /bin/mkdir /bin/
COPY --from=0 /bin/rm /bin/
COPY --from=0 /bin/sh /bin/
COPY --from=0 /etc/group /etc/
COPY --from=0 /etc/passwd /etc/

RUN mkdir /data && chown redis:redis /data

# Clean up temporary files
RUN rm -f /etc/passwd /etc/group \
	/bin/busybox /bin/chown /bin/mkdir /bin/rm /bin/sh

USER 1000
WORKDIR /data
EXPOSE 6379/tcp

ENTRYPOINT ["/bin/redis-server"]
CMD ["--daemonize", "no", "--protected-mode", "no"]

D redis/Dockerfile => redis/Dockerfile +0 -9
@@ 1,9 0,0 @@
FROM alpine:3.18

RUN apk --no-cache add redis ca-certificates doas
RUN echo "permit nopass root" >> /etc/doas.d/doas.conf

RUN mkdir /data && chown redis:redis /data
WORKDIR /data

ENTRYPOINT ["/usr/bin/doas", "-u", "redis", "/usr/bin/redis-server", "--protected-mode", "no"]