fix: move LABEL commands to the end of Dockerfile.template

Since all the commands except ENTRYPOINT in cert-manager and kubernetes
Dockerfiles are the same, we can utilize the cached layers when building
images in batch, but LABEL commands prevented it from happening, because
labels are different for each image. Thus the cache is invalidated.

By moving LABELs after the common commands we allow cached layers
to be reused for every image, thus speeding up the build process.

org/k8s/cert-manager-acmesolver/Dockerfile.template

@@ -2,12 +2,6 @@ FROM {{ registry }}{{ alt_image }}:{{ branch }}
 
 MAINTAINER alt-cloud
 
-LABEL org.opencontainers.image.title="cert-manager-acmesolver"
-LABEL org.opencontainers.image.description="HTTP server used to solve ACME challenges."
-LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager"
-LABEL org.opencontainers.image.licenses="Apache-2.0"
-LABEL org.opencontainers.image.vendor="ALT Linux Team"
-
 {{ install_packages("cert-manager") }}
 
 RUN groupadd -r -g 1000 cert-manger && useradd --no-log-init -r -u 1000 -g cert-manger cert-manger
@@ -15,3 +9,9 @@ RUN groupadd -r -g 1000 cert-manger && useradd --no-log-init -r -u 1000 -g cert-
 USER 1000
 
 ENTRYPOINT ["/usr/bin/acmesolver"]
+
+LABEL org.opencontainers.image.title="cert-manager-acmesolver"
+LABEL org.opencontainers.image.description="HTTP server used to solve ACME challenges."
+LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"

org/k8s/cert-manager-cainjector/Dockerfile.template

@@ -2,12 +2,6 @@ FROM {{ registry }}{{ alt_image }}:{{ branch }}
 
 MAINTAINER alt-cloud
 
-LABEL org.opencontainers.image.title="cert-manager-cainjector"
-LABEL org.opencontainers.image.description="cert-manager CA injector is a Kubernetes addon to automate the injection of CA data into webhooks and APIServices from cert-manager certificates."
-LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager"
-LABEL org.opencontainers.image.licenses="Apache-2.0"
-LABEL org.opencontainers.image.vendor="ALT Linux Team"
-
 {{ install_packages("cert-manager") }}
 
 RUN groupadd -r -g 1000 cert-manger && useradd --no-log-init -r -u 1000 -g cert-manger cert-manger
@@ -15,3 +9,9 @@ RUN groupadd -r -g 1000 cert-manger && useradd --no-log-init -r -u 1000 -g cert-
 USER 1000
 
 ENTRYPOINT ["/usr/bin/cainjector"]
+
+LABEL org.opencontainers.image.title="cert-manager-cainjector"
+LABEL org.opencontainers.image.description="cert-manager CA injector is a Kubernetes addon to automate the injection of CA data into webhooks and APIServices from cert-manager certificates."
+LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"

org/k8s/cert-manager-controller/Dockerfile.template

@@ -2,12 +2,6 @@ FROM {{ registry }}{{ alt_image }}:{{ branch }}
 
 MAINTAINER alt-cloud
 
-LABEL org.opencontainers.image.title="cert-manager-controller"
-LABEL org.opencontainers.image.description="Automatically provision and manage TLS certificates in Kubernetes."
-LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager"
-LABEL org.opencontainers.image.licenses="Apache-2.0"
-LABEL org.opencontainers.image.vendor="ALT Linux Team"
-
 {{ install_packages("cert-manager") }}
 
 RUN groupadd -r -g 1000 cert-manger && useradd --no-log-init -r -u 1000 -g cert-manger cert-manger
@@ -15,3 +9,9 @@ RUN groupadd -r -g 1000 cert-manger && useradd --no-log-init -r -u 1000 -g cert-
 USER 1000
 
 ENTRYPOINT ["/usr/bin/controller"]
+
+LABEL org.opencontainers.image.title="cert-manager-controller"
+LABEL org.opencontainers.image.description="Automatically provision and manage TLS certificates in Kubernetes."
+LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"

org/k8s/cert-manager-startupapicheck/Dockerfile.template

@@ -2,12 +2,6 @@ FROM {{ registry }}{{ alt_image }}:{{ branch }}
 
 MAINTAINER alt-cloud
 
-LABEL org.opencontainers.image.title="cert-manager-startupapicheck"
-LABEL org.opencontainers.image.description="Check that cert-manager started successfully."
-LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager"
-LABEL org.opencontainers.image.licenses="Apache-2.0"
-LABEL org.opencontainers.image.vendor="ALT Linux Team"
-
 {{ install_packages("cert-manager") }}
 
 RUN groupadd -r -g 1000 cert-manger && useradd --no-log-init -r -u 1000 -g cert-manger cert-manger
@@ -15,3 +9,9 @@ RUN groupadd -r -g 1000 cert-manger && useradd --no-log-init -r -u 1000 -g cert-
 USER 1000
 
 ENTRYPOINT ["/usr/bin/startupapicheck"]
+
+LABEL org.opencontainers.image.title="cert-manager-startupapicheck"
+LABEL org.opencontainers.image.description="Check that cert-manager started successfully."
+LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"

org/k8s/cert-manager-webhook/Dockerfile.template

@@ -2,12 +2,6 @@ FROM {{ registry }}{{ alt_image }}:{{ branch }}
 
 MAINTAINER alt-cloud
 
-LABEL org.opencontainers.image.title="cert-manager-webhook"
-LABEL org.opencontainers.image.description="The webhook component provides API validation, mutation and conversion functionality for cert-manager."
-LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager"
-LABEL org.opencontainers.image.licenses="Apache-2.0"
-LABEL org.opencontainers.image.vendor="ALT Linux Team"
-
 {{ install_packages("cert-manager") }}
 
 RUN groupadd -r -g 1000 cert-manger && useradd --no-log-init -r -u 1000 -g cert-manger cert-manger
@@ -15,3 +9,9 @@ RUN groupadd -r -g 1000 cert-manger && useradd --no-log-init -r -u 1000 -g cert-
 USER 1000
 
 ENTRYPOINT ["/usr/bin/webhook"]
+
+LABEL org.opencontainers.image.title="cert-manager-webhook"
+LABEL org.opencontainers.image.description="The webhook component provides API validation, mutation and conversion functionality for cert-manager."
+LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"

org/k8s/kube-apiserver/Dockerfile.template

@@ -2,12 +2,12 @@ FROM {{ registry }}{{ alt_image }}:{{ branch }}
 
 MAINTAINER alt-cloud
 
+{{ install_packages("kubernetes-master") }}
+
+ENTRYPOINT ["/usr/bin/kube-apiserver"]
+
 LABEL org.opencontainers.image.title="kube-apiserver"
 LABEL org.opencontainers.image.description="The Kubernetes API server validates and configures data for the api objects which include pods, services, replicationcontrollers, and others."
 LABEL org.opencontainers.image.source="https://github.com/kubernetes/kubernetes"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL org.opencontainers.image.vendor="ALT Linux Team"
-
-{{ install_packages("kubernetes-master") }}
-
-ENTRYPOINT ["/usr/bin/kube-apiserver"]

org/k8s/kube-controller-manager/Dockerfile.template

@@ -2,12 +2,12 @@ FROM {{ registry }}{{ alt_image }}:{{ branch }}
 
 MAINTAINER alt-cloud
 
+{{ install_packages("kubernetes-master") }}
+
+ENTRYPOINT ["/usr/bin/kube-controller-manager"]
+
 LABEL org.opencontainers.image.title="kube-controller-manager"
 LABEL org.opencontainers.image.description="The Kubernetes controller manager is a daemon that embeds the core control loops shipped with Kubernetes."
 LABEL org.opencontainers.image.source="https://github.com/kubernetes/kubernetes"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL org.opencontainers.image.vendor="ALT Linux Team"
-
-{{ install_packages("kubernetes-master") }}
-
-ENTRYPOINT ["/usr/bin/kube-controller-manager"]

org/k8s/kube-proxy/Dockerfile.template

@@ -2,14 +2,14 @@ FROM {{ registry }}{{ alt_image }}:{{ branch }}
 
 MAINTAINER alt-cloud
 
-LABEL org.opencontainers.image.title="kube-proxy"
-LABEL org.opencontainers.image.description="The Kubernetes network proxy runs on each node."
-LABEL org.opencontainers.image.source="https://github.com/kubernetes/kubernetes"
-LABEL org.opencontainers.image.licenses="Apache-2.0"
-LABEL org.opencontainers.image.vendor="ALT Linux Team"
-
 {{ install_packages("kubernetes-node") }}
 
 RUN ln -s /usr/bin/kube-proxy /usr/local/bin/kube-proxy
 
 ENTRYPOINT ["/usr/bin/kube-proxy"]
+
+LABEL org.opencontainers.image.title="kube-proxy"
+LABEL org.opencontainers.image.description="The Kubernetes network proxy runs on each node."
+LABEL org.opencontainers.image.source="https://github.com/kubernetes/kubernetes"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"

org/k8s/kube-scheduler/Dockerfile.template

@@ -2,12 +2,12 @@ FROM {{ registry }}{{ alt_image }}:{{ branch }}
 
 MAINTAINER alt-cloud
 
+{{ install_packages("kubernetes-master") }}
+
+ENTRYPOINT ["/usr/bin/kube-scheduler"]
+
 LABEL org.opencontainers.image.title="kube-scheduler"
 LABEL org.opencontainers.image.description="The Kubernetes scheduler is a control plane process which assigns Pods to Nodes."
 LABEL org.opencontainers.image.source="https://github.com/kubernetes/kubernetes"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL org.opencontainers.image.vendor="ALT Linux Team"
-
-{{ install_packages("kubernetes-master") }}
-
-ENTRYPOINT ["/usr/bin/kube-scheduler"]