# Note these args have to be before the first FROM
ARG CONSUL_IMAGE
ARG ENVOY_VERSION

FROM ${CONSUL_IMAGE} as consul

FROM docker.mirror.hashicorp.services/envoyproxy/envoy:v${ENVOY_VERSION}

# Install iptables and sudo, needed for tproxy.
RUN apt update -y \
	&& apt install -y iptables sudo curl dnsutils \
	&& adduser envoy sudo \
	&& echo 'envoy ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers

COPY tproxy-startup.sh /bin/tproxy-startup.sh
RUN chmod +x /bin/tproxy-startup.sh \
	&& chown envoy:envoy /bin/tproxy-startup.sh

COPY --from=consul /bin/consul /bin/consul

USER envoy