Add Docker Bench for Security
[validation.git] / docker / k8s / Dockerfile
1 ##############################################################################
2 # Copyright (c) 2019 AT&T, ENEA AB, Nokia and others                         #
3 #                                                                            #
4 # Licensed under the Apache License, Version 2.0 (the "License");            #
5 # you maynot use this file except in compliance with the License.            #
6 #                                                                            #
7 # You may obtain a copy of the License at                                    #
8 #       http://www.apache.org/licenses/LICENSE-2.0                           #
9 #                                                                            #
10 # Unless required by applicable law or agreed to in writing, software        #
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
13 # See the License for the specific language governing permissions and        #
14 # limitations under the License.                                             #
15 ##############################################################################
16
17 # ref: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#use-multi-stage-builds
18 FROM golang:alpine3.9 as build
19
20 # Sonobuoy supports Kubernetes versions 1.11, 1.12 and 1.13
21 ARG K8S_TAG=v1.13.0
22
23 # Install dependencies
24 COPY pip-requirements.txt /wheels/requirements/pip-requirements.txt
25
26 RUN apk --no-cache add --update \
27         openssl \
28         python3 \
29         bash \
30         findutils \
31         gcc \
32         git \
33         grep \
34         libc-dev \
35         libffi \
36         libffi-dev \
37         make \
38         openssl-dev \
39         python3-dev \
40         py3-pip \
41         rsync
42
43 # Build binaries; detect the architecture automatically (default is amd64)
44 RUN git clone https://github.com/kubernetes/kubernetes /src/k8s.io/kubernetes
45 RUN if [ $(uname -m) == 'aarch64' ]; then HOST_ARCH=arm64; else HOST_ARCH=amd64; fi && \
46     echo "Building docker on $HOST_ARCH" && \
47     cd /src/k8s.io/kubernetes && \
48     git checkout $K8S_TAG && \
49     make kubectl ginkgo && \
50     make WHAT=test/e2e/e2e.test ARCH=$HOST_ARCH
51 RUN go get -u -v github.com/heptio/sonobuoy
52 RUN git clone https://gerrit.akraino.org/r/validation /opt/akraino/validation/repo
53 RUN cat /opt/akraino/validation/repo/bluval/requirements.txt >> \
54     /wheels/requirements/pip-requirements.txt
55
56 WORKDIR /wheels
57 RUN pip3 install wheel
58 RUN pip3 wheel -r /wheels/requirements/pip-requirements.txt
59
60 # Copy binaries in the final contaier and install robot framework
61 FROM python:3.6-alpine3.9
62 COPY --from=build /src/k8s.io/kubernetes/_output/bin /usr/local/bin
63 COPY --from=build /go/bin/sonobuoy /bin/sonobuoy
64 COPY --from=build /wheels /wheels
65 COPY --from=build /opt/akraino/validation/repo /opt/akraino/validation/repo
66
67 RUN pip3 install -r /wheels/requirements/pip-requirements.txt \
68                  -f /wheels && \
69      rm -rf /wheels && \
70      rm -rf /root/.cache/pip/*
71
72 # Set the default command for running the tests
73 CMD python3 /opt/akraino/validation/repo/bluval/bluval.py base -l k8s