gitdataai/docker/operator.Dockerfile

# ---- Stage 1: Build ----
FROM rust:1.94-bookworm AS builder

ARG BUILD_TARGET=x86_64-unknown-linux-gnu
ENV TARGET=${BUILD_TARGET}

RUN apt-get update && apt-get install -y --no-install-recommends \
    pkg-config libssl-dev libclang-dev \
    gcc g++ make \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /build

COPY Cargo.toml Cargo.lock ./
COPY libs/ libs/
COPY apps/ apps/

RUN cargo fetch
RUN cargo build --release --package operator --target ${TARGET} -j $(nproc)

# ---- Stage 2: Runtime ----
FROM debian:bookworm-slim

RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates libssl3 \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app
COPY --from=builder /build/target/${TARGET}/release/operator /app/operator

# The operator reads POD_NAMESPACE and OPERATOR_IMAGE_PREFIX from env.
# It connects to the in-cluster Kubernetes API via the service account token.
# All child resources are created in the operator's own namespace.
ENV OPERATOR_LOG_LEVEL=info
ENTRYPOINT ["/app/operator"]