Update dockerfile (#1537)

google · Aug 19, 2024 · 6829740 · 6829740
1 parent f0e3cc8
commit 6829740
Showing 1 changed file with 29 additions and 21 deletions.
diff --git a/docker/controller/Dockerfile b/docker/controller/Dockerfile
@@ -1,44 +1,52 @@
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 
 ENV DEBIAN_FRONTEND=noninteractive 
-RUN apt-get update && apt-get -y install \
+ENV PIP_NO_CACHE_DIR=1
+RUN apt-get update && apt-get -y upgrade && apt-get -y install \
     apt-transport-https \
     apt-utils \
     ca-certificates \
     git \
     libterm-readline-gnu-perl \
     python3-pip \
     software-properties-common \
-    lsof \
-    vim \
-    curl \
     sudo \
-    && rm -rf /var/lib/apt/lists/*
+    && apt-get clean && rm -rf /var/cache/apt/* /var/lib/apt/lists/*
 
 RUN pip3 install pip --upgrade
-RUN pip3 install urllib3 cryptography requests --upgrade
+RUN pip3 install poetry
 
-ADD requirements.txt /tmp/
-RUN cd /tmp/ && pip3 install -r requirements.txt
-
-ADD . /tmp/
-# unshallow and fetch all tags so our build systems pickup the correct git tag if it's a shallow clone
-RUN if $(cd /tmp/ && git rev-parse --is-shallow-repository); then cd /tmp/ && git fetch --prune --unshallow && git fetch --depth=1 origin +refs/tags/*:refs/tags/*; fi
-
-RUN cd /tmp/ && python3 setup.py install
-
-RUN useradd -r -s /bin/nologin -G disk,sudo -u 999 turbinia
-RUN echo "turbinia ALL = (root) NOPASSWD: ALL" > /etc/sudoers.d/turbinia
+RUN useradd -r -s /sbin/nologin -u 999 turbinia
 
 RUN mkdir /etc/turbinia && mkdir -p /mnt/turbinia/ && mkdir -p /var/lib/turbinia/ \
     && mkdir -p /var/log/turbinia/ && chown -R turbinia:turbinia /mnt/turbinia/ \
     && mkdir -p /etc/turbinia/ \
     && chown -R turbinia:turbinia /var/lib/turbinia/ \
     && chown -R turbinia:turbinia /etc/turbinia/ \
-    && chown -R turbinia:turbinia /var/log/turbinia/
+    && chown -R turbinia:turbinia /var/log/turbinia/ \
+    && mkdir -p /home/turbinia && chown -R turbinia:turbinia /home/turbinia
+
+# Drop privileges and set the working directory
+USER turbinia
+WORKDIR /home/turbinia
+
+# Copy requirements and install dependencies to cache them in docker layer
+COPY --chown=turbinia:turbinia ./pyproject.toml ./poetry.toml ./poetry.lock /home/turbinia/
+RUN poetry install --no-interaction --no-ansi --no-root
+
+ENV PATH="/home/turbinia/.venv/bin:$PATH" \
+    VIRTUAL_ENV=/home/turbinia/.venv
+
+# Copy the source directory to the container
+COPY --chown=turbinia:turbinia . /home/turbinia/
+COPY --chown=turbinia:turbinia docker/controller/start.sh /home/turbinia/start.sh
+COPY --chown=turbinia:turbinia k8s/tools/load-test.sh /home/turbinia/load-test.sh
+
+RUN chmod +rwx /home/turbinia/start.sh
+
+# Install Turbinia package -- will skip dependencies if installed
+RUN poetry install --no-interaction --no-ansi
 
-COPY docker/controller/start.sh /home/turbinia/start.sh
-COPY k8s/tools/load-test.sh /home/turbinia/load-test.sh
 RUN chmod +rwx /home/turbinia/start.sh /home/turbinia/load-test.sh && chown -R turbinia:turbinia /home/turbinia/
 USER turbinia
 CMD ["/home/turbinia/start.sh"]