76 lines
2.3 KiB
Docker
76 lines
2.3 KiB
Docker
# Full Production Dockerfile with Podman and SSH
|
|
FROM golang:1.25-alpine AS builder
|
|
|
|
# Install dependencies
|
|
RUN apk add --no-cache git make
|
|
|
|
# Set working directory
|
|
WORKDIR /app
|
|
|
|
# Copy go mod files
|
|
COPY go.mod go.sum ./
|
|
|
|
# Download dependencies
|
|
RUN go mod download
|
|
|
|
# Copy source code
|
|
COPY . .
|
|
|
|
# Build Go binaries
|
|
RUN go build -o bin/api-server cmd/api-server/main.go && \
|
|
go build -o bin/worker cmd/worker/worker_server.go cmd/worker/worker_config.go
|
|
|
|
# Final stage with Podman
|
|
FROM alpine:3.19
|
|
|
|
# Install runtime dependencies including Podman and SSH
|
|
RUN apk add --no-cache ca-certificates redis openssl curl podman openssh
|
|
|
|
# Create app user
|
|
RUN addgroup -g 1001 -S appgroup && \
|
|
adduser -u 1001 -S appuser -G appgroup
|
|
|
|
# Set working directory
|
|
WORKDIR /app
|
|
|
|
# Copy binaries from builder
|
|
COPY --from=builder /app/bin/ /usr/local/bin/
|
|
|
|
# Copy configs
|
|
COPY --from=builder /app/configs/ /app/configs/
|
|
|
|
# Create necessary directories
|
|
RUN mkdir -p /app/data/experiments /app/data/datasets /app/data/snapshots /app/logs /app/ssl /app/ssh /tmp/fetchml-jobs && \
|
|
mkdir -p /data/active/datasets /data/active/snapshots && \
|
|
mkdir -p /logs && \
|
|
chown -R appuser:appgroup /app /data /logs
|
|
|
|
# Generate SSL certificates
|
|
RUN openssl req -x509 -newkey rsa:2048 -keyout /app/ssl/key.pem -out /app/ssl/cert.pem -days 365 -nodes \
|
|
-subj "/C=US/ST=Homelab/L=Local/O=ML/OU=Experiments/CN=localhost" && \
|
|
chmod 644 /app/ssl/cert.pem && chmod 600 /app/ssl/key.pem
|
|
|
|
# Generate SSH keys for container communication
|
|
RUN ssh-keygen -t rsa -b 2048 -f /app/ssh/id_rsa -N "" && \
|
|
cp /app/ssh/id_rsa.pub /app/ssh/authorized_keys && \
|
|
chmod 600 /app/ssh/id_rsa && \
|
|
chmod 644 /app/ssh/id_rsa.pub /app/ssh/authorized_keys
|
|
|
|
# Configure SSH daemon
|
|
RUN echo "PermitRootLogin yes" >> /etc/ssh/sshd_config && \
|
|
echo "PasswordAuthentication no" >> /etc/ssh/sshd_config && \
|
|
echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config && \
|
|
echo "AuthorizedKeysFile /app/ssh/authorized_keys" >> /etc/ssh/sshd_config
|
|
|
|
# Switch to app user
|
|
USER appuser
|
|
|
|
# Expose ports
|
|
EXPOSE 9101 22
|
|
|
|
# Health check
|
|
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
|
|
CMD curl -k -f https://localhost:9101/health || exit 1
|
|
|
|
# Default command for API server
|
|
CMD ["/usr/local/bin/api-server", "-config", "/app/configs/api/prod.yaml"]
|