[PR #380] A few changes to the Dockerfile #397

New issue

Open

opened 2026-03-13 16:21:45 +03:00 by kerem · 0 comments

kerem commented

2026-03-13 16:21:45 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/acme-dns/acme-dns/pull/380
Author: @nresare
Created: 5/7/2025
Status: 🔄 Open

Base: master ← Head: dockerfile_fix

📝 Commits (1)

93c5db7 A few changes to the Dockerfile

📊 Changes

1 file changed (+10 additions, -11 deletions)

View changed files

📝 Dockerfile (+10 -11)

📄 Description

Submitting this as a PR mainly to solicit feedback and discuss potentially contributing documentation on how to best run acme-dns in Kubernetes. Since I wanted to build the docker images for arm64 anyway, I thought I might as well make some other changes:

Use a distroless base image instead of the alpine base for security hardening
Use golang:bookworm as build image
Build the currently checked out tree instead of the lastet main branch from github

The last one bit me a little as I tried making some changes to the local repository, only to have docker build build from the latest master commit, disregarding my local changes.

One thing that differs with this docker image compared to the previous one is that as it is set up to run as an unprivileged user, the process does not have permission to open ports under 1024 without special capabilities configuration. In Kubernetes, ports can be remapped via the Service or some Ingress or Gateway implementation, so this is not a problem, but I guess it would require some rewriting of the current docker setup documentation.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/acme-dns/acme-dns/pull/380 **Author:** [@nresare](https://github.com/nresare) **Created:** 5/7/2025 **Status:** 🔄 Open **Base:** `master` ← **Head:** `dockerfile_fix` --- ### 📝 Commits (1) - [`93c5db7`](https://github.com/acme-dns/acme-dns/commit/93c5db76fd043bcee7f078449a978dbeb86cb365) A few changes to the Dockerfile ### 📊 Changes **1 file changed** (+10 additions, -11 deletions) <details> <summary>View changed files</summary> 📝 `Dockerfile` (+10 -11) </details> ### 📄 Description Submitting this as a PR mainly to solicit feedback and discuss potentially contributing documentation on how to best run acme-dns in Kubernetes. Since I wanted to build the docker images for arm64 anyway, I thought I might as well make some other changes: * Use a distroless base image instead of the alpine base for security hardening * Use golang:bookworm as build image * Build the currently checked out tree instead of the lastet main branch from github The last one bit me a little as I tried making some changes to the local repository, only to have `docker build` build from the latest master commit, disregarding my local changes. One thing that differs with this docker image compared to the previous one is that as it is set up to run as an unprivileged user, the process does not have permission to open ports under 1024 without special capabilities configuration. In Kubernetes, ports can be remapped via the Service or some Ingress or Gateway implementation, so this is not a problem, but I guess it would require some rewriting of the current docker setup documentation. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>