Gitiles
Code Review Sign In
osm.etsi.org / osm / LCM / 751eec61003a4e505163cf8f625d6279d7abb901 / . / Dockerfile.production
blob: 8087ebff223454a73ad7f5ab2c0f2b5e9af77f8f [file] [log] [blame]
mesaj356f4942025-06-10 16:41:13 +0200[diff] [blame]1# syntax=docker/dockerfile:1
2#######################################################################################
3# Copyright ETSI Contributors and Others.
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
14# implied.
15# See the License for the specific language governing permissions and
16# limitations under the License.
17#######################################################################################
18
19
20#######################
21# Stage 1: Base Stage #
22#######################
23
24FROM python:3.10-alpine AS base
25
26ENV PYTHONUNBUFFERED=1 \
27 PYTHONDONTWRITEBYTECODE=1 \
28 PIP_DISABLE_PIP_VERSION_CHECK=1
29
30
31#################################################################################################################################################################
32
33########################
34# Stage 2: Build Stage #
35########################
36
37FROM base AS build
38
39ENV HELM_VERSION="3.15.1"
40
41# Install required system packages with pinned versions
42RUN apk add --no-cache \
43 build-base \
44 patch \
45 gcc \
46 git \
47 zlib-dev \
48 curl \
49 linux-headers \
50 openssh-client \
51 openssh-keygen \
52 openssl \
53 musl-dev \
54 bash
55
56# Install kubectl with version pinning
57RUN curl -LO "https://dl.k8s.io/release/v1.30.13/bin/linux/amd64/kubectl" \
58 && chmod +x kubectl \
59 && mv kubectl /usr/local/bin/
60
61RUN curl -sSL "https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz" -o helm-v${HELM_VERSION}.tar.gz \
62 && tar -zxvf helm-v${HELM_VERSION}.tar.gz \
63 && mv linux-amd64/helm /usr/local/bin/helm3 \
64 && rm -rf linux-amd64 helm-v${HELM_VERSION}.tar.gz
garciadeblas751eec62025-12-26 11:49:01 +0100[diff] [blame^]65WORKDIR /app
mesaj356f4942025-06-10 16:41:13 +0200[diff] [blame]66
67# Isolate dependencies in a venv
garciadeblas751eec62025-12-26 11:49:01 +0100[diff] [blame^]68RUN python -m venv /app/.venv
69ENV PATH="/app/.venv/bin:$PATH"
mesaj356f4942025-06-10 16:41:13 +0200[diff] [blame]70ARG COMMON_GERRIT_REFSPEC=master
71
72# Install OSM dependency modules with no cache
73RUN git clone --filter=blob:none --tags https://osm.etsi.org/gerrit/osm/common.git /tmp/osm-common \
74 && cd /tmp/osm-common \
75 && git fetch origin "${COMMON_GERRIT_REFSPEC}" \
76 && git checkout FETCH_HEAD \
77 && cd - \
78 && pip install --no-cache-dir -r /tmp/osm-common/requirements.txt \
79 && pip install --no-cache-dir /tmp/osm-common \
80 && rm -rf /tmp/osm-common
81
82COPY requirements.txt ./
83RUN pip install --no-cache-dir -r requirements.txt
84
85COPY . .
86RUN pip install --no-cache-dir .
87
garciadeblas751eec62025-12-26 11:49:01 +0100[diff] [blame^]88RUN find /app -type d -name ".tox" -exec rm -rf {} +
mesaj356f4942025-06-10 16:41:13 +0200[diff] [blame]89
90
91#########################################################################################################################################################################
92
93#######################
94# Stage 3: Final Stage#
95#######################
96
97FROM base AS final
98WORKDIR /app
99
100# Install runtime dependencies with pinned versions
101RUN apk add --no-cache \
102 bash \
103 curl \
104 openssh-client \
105 openssh-keygen \
106 openssl
107
108COPY --from=build /usr/local/bin/helm3 /usr/local/bin/helm3
109COPY --from=build /usr/local/bin/kubectl /usr/bin/kubectl
110
111RUN addgroup -g 1000 appuser \
112 && adduser -D -G appuser -u 1000 appuser -h /app appuser \
113 && mkdir -p /app/storage/kafka \
114 && mkdir -p /app/log \
115 && chown -R appuser:appuser /app
116
117USER appuser:appuser
118
119ENV VIRTUAL_ENV=/app/.venv \
120 PATH="/app/.venv/bin:$PATH"
121
garciadeblas751eec62025-12-26 11:49:01 +0100[diff] [blame^]122COPY --from=build --chown=appuser:appuser /app/.venv /app/.venv
123COPY --from=build --chown=appuser:appuser /app/osm_lcm/n2vc/post-renderer-scripts/ /app/osm_lcm/n2vc/post-renderer-scripts/
124COPY --from=build --chown=appuser:appuser /app/scripts/ /app/scripts/
mesaj356f4942025-06-10 16:41:13 +0200[diff] [blame]125
126EXPOSE 9090
127
128# Environment variables
129ENV OSMLCM_RO_HOST=ro \
130 OSMLCM_RO_PORT=9090 \
131 OSMLCM_RO_TENANT=osm \
132 OSMLCM_VCA_HOST=vca \
133 OSMLCM_VCA_PORT=17070 \
134 OSMLCM_VCA_USER=admin \
mesaj356f4942025-06-10 16:41:13 +0200[diff] [blame]135 OSMLCM_VCA_CLOUD=localhost \
136 OSMLCM_VCA_HELMPATH=/usr/local/bin/helm3 \
137 OSMLCM_VCA_KUBECTLPATH=/usr/bin/kubectl \
138 OSMLCM_VCA_JUJUPATH=/usr/local/bin/juju \
139 OSMLCM_DATABASE_DRIVER=mongo \
140 OSMLCM_DATABASE_URI="mongodb://mongo:27017" \
141 OSMLCM_STORAGE_DRIVER=local \
142 OSMLCM_STORAGE_PATH=/app/storage \
143 OSMLCM_MESSAGE_DRIVER=kafka \
144 OSMLCM_MESSAGE_HOST=kafka \
145 OSMLCM_MESSAGE_PORT=9092 \
146 OSMLCM_GLOBAL_LOGLEVEL=DEBUG \
147 OSMLCM_MAINPOSTRENDERERPATH=/app/osm_lcm/n2vc/post-renderer-scripts/mainPostRenderer/mainPostRenderer \
148 OSMLCM_PODLABELSPOSTRENDERERPATH=/app/osm_lcm/n2vc/post-renderer-scripts/podLabels/podLabels \
149 OSMLCM_NODESELECTORPOSTRENDERERPATH=/app/osm_lcm/n2vc/post-renderer-scripts/nodeSelector/nodeSelector \
150 OSMLCM_VCA_STABLEREPOURL=https://charts.helm.sh/stable
151
152HEALTHCHECK --start-period=120s --interval=30s --timeout=30s --retries=3 \
153 CMD python3 -m osm_lcm.lcm_hc || exit 1
154
155# Use JSON notation for CMD
156CMD ["python3", "-m", "osm_lcm.lcm"]
157