# Lightweight Docker image for KalamDB using pre-built binaries
#
# Option 1: Build with local binaries (after `cargo build --release`):
# docker build -f docker/build/Dockerfile.prebuilt -t jamals86/kalamdb:latest .
#
# Option 2: Used in release workflow with pre-compiled binaries:
# docker build --build-context binaries=binaries-amd64 -f docker/build/Dockerfile.prebuilt -t jamals86/kalamdb:latest .
# Stage "runtime-prep": assembles what the shell-less final image cannot create
# for itself -- the directory skeleton, a copy of the busybox binary, and the
# default config. The final stage copies only paths under /runtime from here.
#
# The tag fixes a version but remains mutable on the registry. For release
# builds, pin the digest as well, e.g.
#   FROM busybox:1.36.1-musl@sha256:<DIGEST_PLACEHOLDER> AS runtime-prep
FROM busybox:1.36.1-musl AS runtime-prep

# Pre-create every directory the server is expected to write to, so the final
# stage can hand them over with the right ownership in a single COPY --chown.
RUN mkdir -p \
        /runtime/usr/local/bin \
        /runtime/data/rocksdb \
        /runtime/data/storage \
        /runtime/data/logs \
        /runtime/config \
    && cp /bin/busybox /runtime/usr/local/bin/busybox

# Ship the example configuration as the image default.
# NOTE(review): whatever defaults server.example.toml carries become the
# defaults of every container started without its own config -- confirm they
# are suitable for a deployed instance.
COPY backend/server.example.toml /runtime/config/server.toml

# Rewrite the relative data path to the absolute /data directory.
# sed exits 0 even when the pattern does not match, so a change to the
# data_path line in the example file would ship the relative path unnoticed.
# NOTE(review): consider following this with a grep for the rewritten line so
# the build fails instead.
RUN sed -i 's|data_path = "\./data"|data_path = "/data"|g' /runtime/config/server.toml
# Final stage. Distroless keeps the image small and reduces the attack surface
# (no shell or package manager of its own). Debian 13 provides a newer glibc
# that matches the release-built Linux binaries.
#
# ":nonroot" is a moving tag. For release builds, pin the digest as well, e.g.
#   FROM gcr.io/distroless/cc-debian13:nonroot@sha256:<DIGEST_PLACEHOLDER>
FROM gcr.io/distroless/cc-debian13:nonroot

# OCI metadata, overridable per build with --build-arg. These values end up in
# the image labels and build history, so they are for public metadata only.
ARG OCI_IMAGE_TITLE="KalamDB"
ARG OCI_IMAGE_DESCRIPTION="SQL-first realtime state database for AI agents, chat products, and multi-tenant SaaS"
ARG OCI_IMAGE_URL="https://kalamdb.org"
ARG OCI_IMAGE_SOURCE="https://github.com/jamals86/KalamDB"
ARG OCI_IMAGE_DOCUMENTATION="https://kalamdb.org/docs"
ARG OCI_IMAGE_VENDOR="KalamDB"
ARG OCI_IMAGE_AUTHORS="Jamal Saad"
ARG OCI_IMAGE_LICENSES="Apache-2.0"
ARG OCI_IMAGE_VERSION="dev"
ARG OCI_IMAGE_REVISION="unknown"
ARG OCI_IMAGE_CREATED="unknown"

LABEL org.opencontainers.image.title="${OCI_IMAGE_TITLE}" \
      org.opencontainers.image.description="${OCI_IMAGE_DESCRIPTION}" \
      org.opencontainers.image.url="${OCI_IMAGE_URL}" \
      org.opencontainers.image.source="${OCI_IMAGE_SOURCE}" \
      org.opencontainers.image.documentation="${OCI_IMAGE_DOCUMENTATION}" \
      org.opencontainers.image.vendor="${OCI_IMAGE_VENDOR}" \
      org.opencontainers.image.authors="${OCI_IMAGE_AUTHORS}" \
      org.opencontainers.image.licenses="${OCI_IMAGE_LICENSES}" \
      org.opencontainers.image.version="${OCI_IMAGE_VERSION}" \
      org.opencontainers.image.revision="${OCI_IMAGE_REVISION}" \
      org.opencontainers.image.created="${OCI_IMAGE_CREATED}"

# Pre-built binaries. No stage in this file is named "binaries", so the name
# has to resolve to a named build context (--build-context binaries=<dir>)
# containing kalamdb-server and kalam.
# NOTE(review): without that context BuildKit treats "binaries" as an image
# reference rather than local files -- confirm the "Option 1" command in the
# file header still works as written.
# NOTE(review): the binaries are copied as-is; any checksum or signature
# verification has to happen in the workflow that produces the context.
COPY --from=binaries --chmod=755 kalamdb-server /usr/local/bin/kalamdb-server
# The CLI is installed under two names; each COPY stores its own copy of the
# same file in a separate layer.
COPY --from=binaries --chmod=755 kalam /usr/local/bin/kalam-cli
COPY --from=binaries --chmod=755 kalam /usr/local/bin/kalam

# busybox is included for the health check below. Only the single binary is
# copied (no applet symlinks), so it must be invoked as "busybox <applet>".
# It is still a full multi-call binary: its shell and network applets are
# available to anything that can execute files in the container, which gives
# back part of what distroless removes.
# NOTE(review): the musl build is presumably statically linked, which is what
# lets it run on this glibc-based image -- confirm.
COPY --from=runtime-prep --chmod=755 /runtime/usr/local/bin/busybox /usr/local/bin/busybox

# Writable runtime paths and the normalized config, owned by the runtime user.
# NOTE(review): /config is owned by the same uid the server runs as, so the
# server process can rewrite its own configuration. If the server never writes
# there, copying /config without --chown would leave it root-owned.
COPY --from=runtime-prep --chown=65532:65532 /runtime/data /data
COPY --from=runtime-prep --chown=65532:65532 /runtime/config /config

# Distroless nonroot uses uid/gid 65532. Stating it numerically keeps the
# non-root guarantee explicit and checkable by the container runtime.
USER 65532:65532

# Working directory is the data directory. The config file is not read from
# here; its path is passed explicitly in CMD below.
WORKDIR /data

# Default port (documentation only; publishing is decided at run time).
EXPOSE 8080

# Health check using busybox to avoid shipping curl in the runtime image.
# Exec form is used because the image has no /bin/sh for a shell-form CMD.
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
    CMD ["/usr/local/bin/busybox", "wget", "--spider", "-q", "http://127.0.0.1:8080/health"]

# Default command: run the server with /config/server.toml as its argument.
CMD ["/usr/local/bin/kalamdb-server", "/config/server.toml"]