-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathDockerfile
More file actions
94 lines (76 loc) · 2.78 KB
/
Dockerfile
File metadata and controls
94 lines (76 loc) · 2.78 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
# Multi-stage Dockerfile for InferaDB Control
#
# This Dockerfile builds a minimal, secure production image using:
# - Multi-stage build to minimize final image size
# - Debian slim base image for compatibility
# - Official Rust Docker images only
# - Security scanning ready
# ============================================================================
# Stage 1: Builder - Build the application
# ============================================================================
FROM rustlang/rust:nightly-bookworm-slim AS builder
WORKDIR /app
# Install build dependencies
RUN apt-get update && apt-get install -y \
pkg-config \
libssl-dev \
protobuf-compiler \
clang \
libclang-dev \
&& rm -rf /var/lib/apt/lists/*
# Copy source code
COPY Cargo.toml Cargo.lock ./
COPY crates ./crates
# Build the application in release mode
RUN cargo build --release --bin inferadb-control
# Strip debug symbols to reduce binary size
RUN strip /app/target/release/inferadb-control
# ============================================================================
# Stage 2: Runtime - Minimal Debian slim image
# ============================================================================
FROM debian:bookworm-slim
# Metadata labels
LABEL org.opencontainers.image.title="InferaDB Control"
LABEL org.opencontainers.image.description="InferaDB Control Plane API"
LABEL org.opencontainers.image.vendor="InferaDB"
LABEL org.opencontainers.image.licenses="BSL-1.1"
LABEL org.opencontainers.image.source="https://github.com/inferadb/inferadb"
LABEL org.opencontainers.image.documentation="https://docs.inferadb.com"
# Install runtime dependencies
RUN apt-get update && apt-get install -y \
ca-certificates \
libssl3 \
curl \
&& rm -rf /var/lib/apt/lists/*
# Create non-root user and data directory for master key
RUN useradd -r -u 65532 -s /sbin/nologin nonroot \
&& mkdir -p /data && chown nonroot:nonroot /data
USER nonroot:nonroot
WORKDIR /app
# Copy the binary from builder
COPY --from=builder --chown=nonroot:nonroot /app/target/release/inferadb-control /app/inferadb-control
# Expose HTTP port
EXPOSE 9090
# Health check configuration
HEALTHCHECK NONE
# Set environment variables for production
ENV INFERADB__CONTROL__LOG_LEVEL=info
ENV RUST_BACKTRACE=1
VOLUME ["/data"]
# Run the binary
ENTRYPOINT ["/app/inferadb-control"]
# ============================================================================
# Build Instructions:
#
# Build the image:
# docker build -t inferadb-control:latest .
#
# Build with specific tag:
# docker build -t inferadb-control:v1.0.0 .
#
# Run the container:
# docker run -p 9090:9090 \
# -e INFERADB__CONTROL__STORAGE=memory \
# -v inferadb-data:/data \
# inferadb-control:latest
# ============================================================================