FROM python:3.11-slim

RUN apt-get update && apt-get install -y --no-install-recommends \
    gcc python3-dev libffi-dev libssl-dev \
    && rm -rf /var/lib/apt/lists/*

RUN groupadd -g 1000 citadel && useradd -m -u 1000 -g citadel citadel

WORKDIR /app
COPY . /tmp/citadel-src/
RUN pip install --no-cache-dir '/tmp/citadel-src/[operator]' \
    && rm -rf /tmp/citadel-src/

USER citadel

ENTRYPOINT ["kopf", "run", "--standalone", "--liveness=http://0.0.0.0:8081/healthz"]
CMD ["-m", "citadel_operator.k3s.namespace_infra_operator", "-m", "citadel_operator.k3s.lifecycle_operator"]
