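ARG FEDORA_VERSION="43"
ARG COREDNS_VERSION="1.14.2"

#===============================================================================
# Builder stage: fetches a Go toolchain and the CoreDNS sources, wires the
# coredns-filter plugin into plugin.cfg, cross-compiles for the target platform
# and prepares the passwd/group files that the final scratch image copies.
#
# NOTE(review): the base image is referenced by a mutable tag. For reproducible
# builds pin it by digest as well (`...:${FEDORA_VERSION}@sha256:<digest>`).
ARG BUILDPLATFORM
FROM --platform=$BUILDPLATFORM quay.io/fedora/fedora:${FEDORA_VERSION} AS builder

RUN dnf install -y --setopt=install_weak_deps=False --no-docs \
        make \
        util-linux

ARG BUILDARCH
# Supply-chain controls for the Go toolchain. Both are optional so that a plain
# build behaves as before (newest released Go, no checksum verification):
#   GO_VERSION  pin the toolchain instead of resolving the newest release
#   GO_SHA256   expected SHA-256 of the toolchain tarball; verified when set
ARG GO_VERSION=""
ARG GO_SHA256=""
# The download goes to a file rather than straight into tar so that it can be
# verified before anything is unpacked. `--fail` makes HTTP errors abort the
# build, and `pipefail` stops a failed version lookup from being hidden by sed.
# The script already relies on bash features ([[ ]]), so `set -o pipefail` is
# available in this image's /bin/sh.
# NOTE(review): Go publishes its 32-bit ARM toolchain as `linux-armv6l`;
# confirm that mapping BUILDARCH "arm" to "arm64" is intended.
RUN set -eo pipefail; \
    go_version="${GO_VERSION:-$(curl --fail --silent --show-error --location 'https://go.dev/VERSION?m=text' | sed -ne 's/^go//p')}"; \
    if [[ -z "$go_version" ]]; then \
        echo "unable to determine the Go version to install" >&2; \
        exit 1; \
    fi; \
    go_arch="$BUILDARCH"; \
    if [[ "$BUILDARCH" == "arm" ]]; then go_arch="arm64"; fi; \
    curl --fail --location --progress-bar --output /tmp/go.tar.gz \
        "https://go.dev/dl/go${go_version}.linux-${go_arch}.tar.gz"; \
    if [[ -n "${GO_SHA256:-}" ]]; then \
        echo "${GO_SHA256}  /tmp/go.tar.gz" | sha256sum --check -; \
    fi; \
    tar -C /usr/local -zxf /tmp/go.tar.gz; \
    rm -f /tmp/go.tar.gz
ENV PATH=/usr/local/go/bin:$PATH

ARG COREDNS_VERSION
# Optional expected SHA-256 of the CoreDNS source tarball; verified when set.
ARG COREDNS_SHA256=""
RUN set -eo pipefail; \
    mkdir /coredns; \
    curl --fail --location --progress-bar --output /tmp/coredns.tar.gz \
        "https://github.com/coredns/coredns/archive/refs/tags/v${COREDNS_VERSION}.tar.gz"; \
    if [[ -n "${COREDNS_SHA256:-}" ]]; then \
        echo "${COREDNS_SHA256}  /tmp/coredns.tar.gz" | sha256sum --check -; \
    fi; \
    tar -C /coredns -zxf /tmp/coredns.tar.gz --strip-components=1; \
    rm -f /tmp/coredns.tar.gz
WORKDIR /coredns/

# Version of the filter plugin to build in. The default keeps the previous
# behaviour (newest release at build time); set it to a tag or commit so that
# the code compiled into the binary is the code that was reviewed.
ARG COREDNS_FILTER_VERSION="latest"
RUN go get "github.com/wranders/coredns-filter@${COREDNS_FILTER_VERSION}"

# Register the plugin ahead of `cache`. sed succeeds even when the anchor line
# is missing, which would produce a CoreDNS binary without the filter, so the
# grep fails the build if the entry did not land in plugin.cfg.
RUN sed -i '/^cache:cache/i filter:github.com/wranders/coredns-filter' plugin.cfg && \
    grep -q '^filter:github.com/wranders/coredns-filter$' plugin.cfg

ARG TARGETARCH
ARG TARGETVARIANT
# Cross-compile for the target platform; GOARM is the variant without its
# leading "v" (empty when no variant is given).
RUN export GOARCH=$TARGETARCH; \
    export GOARM=$(echo "$TARGETVARIANT" | sed -ne 's/^v//p'); \
    make

# Create passwd/group entries for an unprivileged `coredns` system user under
# /scratch; the final stage copies that tree to /.
RUN mkdir -p /scratch/etc/ && \
    touch /scratch/etc/{passwd,group} && \
    useradd coredns \
        --prefix=/scratch \
        --no-log-init \
        --system \
        --user-group \
        --no-create-home \
        --shell=/sbin/nologin

# Let the unprivileged user bind ports below 1024 via a file capability.
# NOTE(review): the capability is stored in an extended attribute; confirm with
# `getcap` on the final image that your builder preserves it across
# `COPY --from`.
RUN setcap 'cap_net_bind_service=+ep' coredns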
#===============================================================================
# Runtime image: nothing but the CoreDNS binary, the account files, a CA bundle
# and the nologin shell referenced by the coredns passwd entry.
FROM scratch

LABEL org.opencontainers.image.title="coredns-filter" \
      org.opencontainers.image.description="Sinkholing in CoreDNS" \
      org.opencontainers.image.source="https://github.com/wranders/coredns-filter" \
      org.opencontainers.image.authors="W Anders <w@doubleu.codes>" \
      org.opencontainers.image.licenses="MIT"

# /scratch from the builder holds the passwd and group files that define the
# coredns user.
COPY --from=builder /scratch /
COPY --from=builder /sbin/nologin /sbin/
# CA bundle for outbound TLS.
COPY --from=builder \
     /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem \
     /etc/ssl/certs/ca-certificates.crt
COPY --from=builder /coredns/coredns /

# All exposed ports are below 1024 while the process runs unprivileged; binding
# them depends on the cap_net_bind_service file capability set in the builder.
# NOTE(review): runtimes that set no_new_privs (for example Kubernetes with
# allowPrivilegeEscalation: false) do not grant file capabilities on exec, so
# binding may fail there - verify in the target environment.
EXPOSE 53/tcp 53/udp 443/tcp 853/tcp

# NOTE(review): the user is given by name, so its UID is whatever the builder's
# useradd assigned; policies that check for a non-root user by numeric ID
# (Kubernetes runAsNonRoot) presumably need an explicit UID.
USER coredns
ENTRYPOINT ["/coredns"]