# Copyright 2023 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

### Dockerfile for building a distroless image for testing
# Modified version of https://github.com/kubernetes/release/blob/master/images/build/distroless-iptables/distroless/Dockerfile

ARG STAGE_DIR="/opt/stage"

FROM debian:bullseye-slim as build
ARG STAGE_DIR

COPY test/build/stage-binaries-from-package.sh /
COPY test/build/package-utils.sh /
COPY test/build/stage-binary-and-deps.sh /

RUN mkdir -p "${STAGE_DIR}" && \
    /stage-binaries-from-package.sh "${STAGE_DIR}" conntrack \
    ebtables    \
    ipset       \
    iptables    \
    kmod		&& \
	`# below binaries and dash are used by iptables-wrapper-installer.sh` \
    /stage-binary-and-deps.sh "${STAGE_DIR}" /bin/dash \
    /bin/mv \
    /bin/chmod \
    /bin/grep \
    /bin/ln  \
    /bin/rm \
    /bin/sleep \
    /usr/bin/wc

RUN ln -sf /bin/dash "${STAGE_DIR}"/bin/sh

FROM gcr.io/distroless/static as intermediate
ARG STAGE_DIR

COPY test/build/clean-distroless.sh /clean-distroless.sh
COPY --from=build "${STAGE_DIR}" /
COPY iptables-wrapper-installer.sh /
COPY bin/iptables-wrapper /
# iptables-wrapper-installer needs to know that iptables exists before doing all its magic
RUN echo "" >  /usr/sbin/iptables && \
	/iptables-wrapper-installer.sh && \
    /clean-distroless.sh

FROM scratch

COPY --from=intermediate / /
COPY bin/tests /