demo-1/Dockerfile

# 构建 operator 的镜像
# Build the manager binary

###################### build 阶段 ###########################
# 获取编译需要的环境，并且将这个阶段（镜像）命名为 builder
FROM golang:1.19 as builder
# 参数定义，用户选择性的设置这些参数 TARGETOS="linux" TARGETARCH="amd64|arm64" docker build
ARG TARGETOS
ARG TARGETARCH

# 指定工作目录，后续的命令都是在这个目录下进行
WORKDIR /workspace
# Copy the Go Modules manifests
# 拷贝 go 依赖相关的文件
COPY go.mod go.mod
COPY go.sum go.sum
# cache deps before building and copying source so that we don't need to re-download as much
# and so that source changes don't invalidate our downloaded layer
# 下载依赖
RUN go mod download

# Copy the go source
# 拷贝 operator 相关的文件及文件夹
COPY main.go main.go
COPY api/ api/
COPY controllers/ controllers/

# Build
# the GOARCH has not a default value to allow the binary be built according to the host where the command
# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
# 开始执行构建，这里会产出我们需要的可执行的二进制文件
RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager main.go

######################### 创建运行镜像阶段 ################################
# Use distroless as minimal base image to package the manager binary
# Refer to https://github.com/GoogleContainerTools/distroless for more details
# 定义运行镜像的来源
FROM gcr.io/distroless/static:nonroot
# 指定工作目录，后续的执行都在此目录下
WORKDIR /
# 从 builder 阶段（镜像）中拷贝之前生成的可执行二进制文件
COPY --from=builder /workspace/manager
# 设置运行的账户
USER 65532:65532

# 设置入口文件。如果镜像的时候，我们没有指定运行命令，将会自动运行此命令。
ENTRYPOINT ["/manager"]