diff --git a/Dockerfile b/Dockerfile index 8ae6eb8..37fc112 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,24 @@ FROM golang:1.24-bookworm AS builder - WORKDIR /work COPY . . RUN make all -FROM gcr.io/distroless/static-debian12 +FROM debian:bookworm-slim AS certs +RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/* +COPY ca.pem /usr/local/share/ca-certificates/custom-ca.crt +RUN update-ca-certificates + +FROM debian:bookworm-slim + +RUN apt-get update && \ + apt-get install -y --no-install-recommends ca-certificates curl bash netcat-traditional iputils-ping && \ + rm -rf /var/lib/apt/lists/* + +COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt + COPY --from=builder /work/bin/metal-image-cache-sync /metal-image-cache-sync -CMD ["/metal-image-cache-sync"] + +# Default shell for interactive execs +SHELL ["/bin/bash", "-c"] + +ENTRYPOINT ["/metal-image-cache-sync"] diff --git a/ca.pem b/ca.pem new file mode 100644 index 0000000..c59a564 --- /dev/null +++ b/ca.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFujCCA6KgAwIBAgIUGvsdKQhDQamtJJtiR6ivYAge7w4wDQYJKoZIhvcNAQEN +BQAwdTELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0JhdmFyaWExDzANBgNVBAcTBk11 +bmljaDEUMBIGA1UEChMLTWV0YWwtU3RhY2sxDzANBgNVBAsTBkRldk9wczEcMBoG +A1UEAxMTbWV0YWwtY29udHJvbC1wbGFuZTAeFw0yNTEyMTUxNDEzMDBaFw0zMDEy +MTQxNDEzMDBaMHUxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdCYXZhcmlhMQ8wDQYD +VQQHEwZNdW5pY2gxFDASBgNVBAoTC01ldGFsLVN0YWNrMQ8wDQYDVQQLEwZEZXZP +cHMxHDAaBgNVBAMTE21ldGFsLWNvbnRyb2wtcGxhbmUwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCVC4gX97kIXe60qSQfNkm0eWMcUHfrhZGeKmXCa3gw +aJYpByWCzHj68YwQVQV3vACvHxgAEbpNNOXUA2f9ycXoaCsuNtAlJy4HKBRPJdK0 +o8mvFYjn9YRvQzEU0l1GCEdLKUn5Q7Zt/C9YzcLtvAIQyc0t6RO8DzSQ+CzY5cwH +LyZcvdy/sc9vORaX8PiNSY1ROCB3tWKzhRGfrlqmJu/8qOjLLH8u+xxwRERkk+Ha +j8n4LJUecJfqVrfKENyEqoEqdYSJIP2S05jmBLZt/PM5SCg1ckz0fSZBh+mygZED +HSAVGfJnwTzgOCNztuScDPwN2vCKbhJfJ+sF4CQIPVFNa4kpCG4gqHMi7tyQU3DK +3HvjzqdUQcAQrwq319F7BDV5HDFoRl+eVCdYTM9VyE0Xp6FvYF29u1v3X8lK2rwb +YQ0LI0n/ZFs/e5UHRRXo9KgtgGGjeUnME7SMDY20wilO/Nv7AETfvX9UCdF5Js76 +9JUS0Vd6F3khkW+YnvUzyaqU47/w57nH4nxbalihTMgOAkxOnGEni7ug5h5BNsJW +uHredp2mTcJLmLmNPY/z3DzrTTycQCF7Wq3BRoKTh2pYj2E39NbmR1X71BKN70TI +DEXIBvDRhcZHqxFq5J5LVqsgJvBVdaqmegvVuAAM775hpmYp86LKAcgtI5ha3h47 +tQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUzPZimfRk+zPLvyZWla6oQ330DnQwDQYJKoZIhvcNAQENBQADggIBAIsE +XAkojkAvZdeND5A+i6CjoHW/oG1xXZkSHI42wpCgWmPbtKD2lUstrpRNSF6rF1CW +2UwenTt/0I5GvNABVVwXynDvN4OjfkftoUzyHdi+VVuygFXM/nq6Q/cOm78/35FW +ek0c6xfIhf3xzcmp9qPiZ6/OtV38gsnxv2qREAjRCKb68YghWLUgsA1M3R0t47RJ +U7hY3hNg2QcENho+bH9/R+MqHSABVulRCIMpxNkm1z8Gndc8M6hk9aU1u1aGatrp +vGLctMEbXbeUiQGEb39wP8+GsYk9HA1buFz867ON29jlWdXrUxsSuRF2toFXuFs1 +Ji3HIg7XacXWyU5FJ89WSjlbnNMliS5nmG0YZ3ce/Id8ojX5KPsRYXkSQFyLw8MT +EsqoQcp3dLDM3DfeW9CiCCId7Z1L0rB3orOkneo43ZqFHNOTBkhWpVae98AuMQrR +uPCFa8cJDIKYK1oCMJGVVdIu+PpZ8SJNTLhv2lFeeIfpAyE5dP2npN6qheraGypn +erliHMj9GbjSobyRxC8VVmFsDzY+H5O6PwSyMyTgwpRiXySuYYPTL6UFlWjKzpAR +VfOwo9/fO7zNpln+0dnnYjySKH3N8OTcQPU5Ax8GLUMnZMIhVS1WftLGLCFWiWNX +zs78t18HO7OAu8DVI35LDJTUML0JBzILftA/5ppN +-----END CERTIFICATE----- diff --git a/cmd/internal/determine-sync-images/lister.go b/cmd/internal/determine-sync-images/lister.go index 8db632d..3934b17 100644 --- a/cmd/internal/determine-sync-images/lister.go +++ b/cmd/internal/determine-sync-images/lister.go @@ -53,6 +53,8 @@ func (s *SyncLister) DetermineImageSyncList() ([]api.OS, error) { return nil, fmt.Errorf("error listing images:%w", err) } + s.logger.Info("image list response", "list", resp.Payload) + s.imageCollector.SetMetalAPIImageCount(len(resp.Payload)) expirationGraceDays := 24 * time.Hour * time.Duration(s.config.ExpirationGraceDays) // nolint:gosec