# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # *NOTE* we have to limit our number of layers heres because in presubmits there # is no overlay fs and we will run out of space quickly ################# BUILDER ###################### ARG BASE_IMAGE=unused ARG BUILDER_IMAGE=unused ARG BUILT_BUILDER_IMAGE=unused FROM ${BUILDER_IMAGE} as builder ARG OUTPUT_DEBUG_LOG # the version of haproxy provided by al2 is too old and does not work with the config generated by kind # for now build haproxy from source, version 2.5 which is newer than what kind uses but this is the first # version to support openssl3 which al2023 ships with ENV DEV_DEPS="make gcc gcc-c++ gzip pcre-devel openssl-devel readline-devel systemd-devel tar zlib-devel" ENV HAPROXY_VERSION="2.5.8" RUN set -x && \ cd /tmp && \ yum install -y $DEV_DEPS && \ curl -sSL http://www.haproxy.org/download/${HAPROXY_VERSION%.*}/src/haproxy-$HAPROXY_VERSION.tar.gz -o haproxy-$HAPROXY_VERSION.tar.gz && \ tar -xf haproxy-$HAPROXY_VERSION.tar.gz && \ cd haproxy-$HAPROXY_VERSION && \ make TARGET=linux-glibc USE_OPENSSL=1 USE_PCRE=1 && \ cp haproxy $NEWROOT/usr/sbin && \ # copy licenses mkdir -p $NEWROOT/usr/share/doc/haproxy && \ cp -rf doc/* $NEWROOT/usr/share/doc/haproxy && \ yum remove -y --setopt=protected_packages=False $DEV_DEPS && \ clean_yum && \ cd /tmp && \ rm -rf haproxy-$HAPROXY_VERSION haproxy-$HAPROXY_VERSION.tar.gz # Copy scripts in every variant since we do not rebuild the base # every time these scripts change. This ensures whenever a variant is # built it has the latest scripts in the builder COPY scripts/ /usr/bin # libkrad installed with rpm with required deps but not needed by haproxy and missing deps ENV CLEANUP_UNNECESSARY_FILES="/usr/lib64/libkrad*" RUN set -x && \ export OUTPUT_DEBUG_LOG=${OUTPUT_DEBUG_LOG} && \ install_deps_for_binary $NEWROOT/usr/sbin/haproxy && \ # TODO: remove these when changes can be coordinated in eks-a-build-tooling install_binary /usr/bin/cp \ /usr/bin/mkdir \ /usr/bin/kill &&\ cleanup "haproxy" # create haproxy user RUN set -x && \ cp $NEWROOT/etc/{group,passwd} /etc && \ groupadd -r haproxy && \ useradd -r -g haproxy -u 1000 haproxy && \ cp /etc/{group,passwd} $NEWROOT/etc ################# HAPORXY #################### FROM ${BUILT_BUILDER_IMAGE} as base-haproxy-builder FROM ${BASE_IMAGE} as final COPY --from=base-haproxy-builder /newroot / USER haproxy