From 53a0584d01a1c0ca36c5d26b7e1ddd842ac6d0a9 Mon Sep 17 00:00:00 2001 From: AbstractionFactory <179820029+abstractionfactory@users.noreply.github.com> Date: Tue, 21 Jan 2025 14:04:11 +0100 Subject: [PATCH] Revert "Temporary revert minimal image docs (#2403)" This reverts commit a36af7ba8a7587ec2923b6043d8d01cc3ca83779. --- website/docs/intro/install/docker.mdx | 41 ++++++++++++++++++++++++--- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/website/docs/intro/install/docker.mdx b/website/docs/intro/install/docker.mdx index e0e89ba038..037c003e88 100644 --- a/website/docs/intro/install/docker.mdx +++ b/website/docs/intro/install/docker.mdx @@ -33,9 +33,17 @@ The multi-platform images are available using the following tags: - `Major`.`Minor`: a specific minor version of OpenTofu, - `Major`.`Minor`.`Patch`: a specific patch version of OpenTofu, +Additionally, we make the following minimal tags available for [building a custom image](#building-your-own-image) starting with OpenTofu version 1.9.1: + +- `minimal`: minimal image containing only the OpenTofu binary at `/usr/local/bin/tofu` +- `Major-minimal`: minimal image of a specific major version of OpenTofu, +- `Major.Minor-minimal`: minimal image of a specific minor version of OpenTofu, +- `Major.Minor.Patch-minimal`: minimal image of a specific patch version of OpenTofu. + To pull platform-specific images (`amd64`, `arm`, `arm64`, `386`) use: - ``-``: a platform specific version of OpenTofu. +- ``-`minimal`-``: a platform specific minimal version of OpenTofu. ## Usage @@ -61,15 +69,40 @@ To run OpenTofu as a Docker container: ## Building your own image The OCI image published by OpenTofu is intended as a basic command line tool. If you need additional tools in the image -or want to build services on top of OpenTofu, you will need to build your own image. +or want to build services on top of OpenTofu, you will need to build your own image. You can do this in two ways: -### Step 1: Obtaining the installation script +1. Base your image on a minimal image (`ghcr.io/opentofu/opentofu:minimal` or similar) and use a multi-stage build to copy the `tofu` binary to your image. +2. Use the standalone installation script to install `tofu` into your container image. + +### Method 1: using a multi-stage build + +Assuming you want to use Alpine Linux, your `Dockerfile`/`Containerfile` could look like this: + +```Dockerfile +FROM ghcr.io/opentofu/opentofu:minimal AS tofu + +FROM alpine + +COPY --from=tofu /usr/local/bin/tofu /usr/local/bin/tofu + +# Your other build instructions +``` + +:::note + +Consider locking down the version to a specific layer SHA hash and update only when needed in order to get the benefit of integrity verification. + +::: + +### Method 2: Using the installation script + +#### Step 1: Obtaining the installation script OpenTofu publishes POSIX/Powershell installation scripts. You can use these scripts to safely install OpenTofu in your container image. Please follow the [standalone installation instructions](standalone.mdx) to obtain the installation script and place it next to your `Dockerfile`/`Containerfile`. -### Step 2: Creating a stage for installation +#### Step 2: Creating a stage for installation Next, you can start creating a download stage in your `Dockerfile`/`Containerfile`. For details on multi-stage builds please read the [Docker documentation](https://docs.docker.com/build/building/multi-stage/). @@ -83,7 +116,7 @@ RUN apk add gpg RUN ./install-opentofu.sh --install-method standalone --install-path / --symlink-path - ``` -### Step 3: Creating your own image +#### Step 3: Creating your own image Now you can add your image below the installation stage and copy the `tofu` binary into it: