Dockerfile
# This Dockerfile contains multiple targets.
# Use 'docker build --target=<name> .' to build one.
# e.g. `docker build --target=dev .`
#
# All non-dev targets take a PRODUCT_VERSION argument that must be provided
# via --build-arg=PRODUCT_VERSION=<version> when building.
# e.g. --build-arg=PRODUCT_VERSION=0.7.4
#
# `default` is the production docker image which cannot be built locally.
# For local dev and testing purposes, please build and use the `dev` docker image.
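# Development docker image
# Expects a locally built binary at bin/boundary in the build context.
# NOTE(review): alpine:3.13 is past upstream end of support, so it no longer
# receives security fixes; bump the tag (and ideally pin it by digest) once a
# newer one is confirmed to be available on the mirror.
FROM docker.mirror.hashicorp.services/alpine:3.13 AS dev

# Create the unprivileged boundary user/group and install runtime packages.
RUN set -eux && \
    addgroup boundary && \
    adduser -s /bin/sh -S -G boundary boundary && \
    apk add --no-cache wget ca-certificates dumb-init gnupg libcap openssl su-exec iputils libc6-compat iptables

# COPY instead of ADD: both sources are plain local files, so ADD's archive
# extraction and URL fetching are not wanted here. COPY also creates /boundary/.
COPY bin/boundary /bin/boundary
COPY .release/docker/config.hcl /boundary/config.hcl

# Hand the config directory to the service account in a single layer.
# The glob means mode 640 is applied to the entries inside /boundary/,
# not to the directory itself.
RUN chown -R boundary:boundary /boundary/ && \
    chmod -R 640 /boundary/*

EXPOSE 9200 9201 9202

# Declared after the directory is populated so the build-time content is kept.
VOLUME /boundary/

# NOTE(review): no USER instruction is set, so docker-entrypoint.sh starts as
# root. su-exec and libcap are installed, presumably so the entrypoint can drop
# to the boundary user - confirm in docker-entrypoint.sh.
COPY .release/docker/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["server", "-config", "/boundary/config.hcl"]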
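# Official docker image that uses binaries from releases.hashicorp.com
# NOTE(review): alpine:3.13 is past upstream end of support, so it no longer
# receives security fixes; bump the tag (and ideally pin it by digest) once a
# newer one is confirmed to be available on the mirror.
FROM docker.mirror.hashicorp.services/alpine:3.13 AS official

# Release version to download, e.g. --build-arg=PRODUCT_VERSION=0.7.4
ARG PRODUCT_VERSION

LABEL name="Boundary" \
      maintainer="HashiCorp Boundary Team <boundary@hashicorp.com>" \
      vendor="HashiCorp" \
      version=$PRODUCT_VERSION \
      release=$PRODUCT_VERSION \
      summary="Boundary provides simple and secure access to hosts and services" \
      description="The Boundary Docker image is designed to enable practitioners to run Boundary in server mode on a container scheduler"

# Create the service account, install runtime packages, then download the
# release and verify it before unpacking:
#   1. fail early when PRODUCT_VERSION is missing or empty, instead of building
#      a malformed download URL;
#   2. fetch the signing key by its full 40-hex fingerprint (not a short key ID);
#   3. verify the detached signature over the SHA256SUMS file;
#   4. select the zip's checksum line into a file and check it. The original
#      `grep ... | sha256sum -c` ran under /bin/sh without pipefail, so a grep
#      that matched nothing was only caught if sha256sum rejected empty input.
#      With the intermediate file a missing entry fails the build at grep.
#      grep -F matches the file name literally, so the dots are not wildcards.
# NOTE(review): confirm that releases.hashicorp.com publishes a linux_armhfv6
# zip for Boundary; if it does not, the armhf build fails at wget.
RUN set -eux && \
    : "${PRODUCT_VERSION:?PRODUCT_VERSION build arg is required}" && \
    addgroup boundary && \
    adduser -s /bin/sh -S -G boundary boundary && \
    apk add --no-cache wget ca-certificates dumb-init gnupg libcap openssl su-exec iputils libc6-compat iptables && \
    gpg --keyserver keyserver.ubuntu.com --recv-keys C874011F0AB405110D02105534365D9472D7468F && \
    cd /tmp && \
    apkArch="$(apk --print-arch)" && \
    case "${apkArch}" in \
        aarch64) boundaryArch='arm64' ;; \
        armhf) boundaryArch='armhfv6' ;; \
        x86) boundaryArch='386' ;; \
        x86_64) boundaryArch='amd64' ;; \
        *) echo >&2 "error: unsupported architecture: ${apkArch} (see https://releases.hashicorp.com/boundary/${PRODUCT_VERSION}/ )" && exit 1 ;; \
    esac && \
    wget "https://releases.hashicorp.com/boundary/${PRODUCT_VERSION}/boundary_${PRODUCT_VERSION}_linux_${boundaryArch}.zip" && \
    wget "https://releases.hashicorp.com/boundary/${PRODUCT_VERSION}/boundary_${PRODUCT_VERSION}_SHA256SUMS" && \
    wget "https://releases.hashicorp.com/boundary/${PRODUCT_VERSION}/boundary_${PRODUCT_VERSION}_SHA256SUMS.sig" && \
    gpg --batch --verify "boundary_${PRODUCT_VERSION}_SHA256SUMS.sig" "boundary_${PRODUCT_VERSION}_SHA256SUMS" && \
    grep -F "boundary_${PRODUCT_VERSION}_linux_${boundaryArch}.zip" "boundary_${PRODUCT_VERSION}_SHA256SUMS" > "boundary_${PRODUCT_VERSION}_SHA256SUMS.selected" && \
    sha256sum -c "boundary_${PRODUCT_VERSION}_SHA256SUMS.selected" && \
    unzip -d /bin "boundary_${PRODUCT_VERSION}_linux_${boundaryArch}.zip" && \
    rm "boundary_${PRODUCT_VERSION}_linux_${boundaryArch}.zip" \
       "boundary_${PRODUCT_VERSION}_SHA256SUMS" \
       "boundary_${PRODUCT_VERSION}_SHA256SUMS.sig" \
       "boundary_${PRODUCT_VERSION}_SHA256SUMS.selected" && \
    mkdir /boundary

COPY .release/docker/config.hcl /boundary/config.hcl

# Hand the config directory to the service account in a single layer.
# The glob means mode 640 is applied to the entries inside /boundary/,
# not to the directory itself.
RUN chown -R boundary:boundary /boundary/ && \
    chmod -R 640 /boundary/*

EXPOSE 9200 9201 9202

# Declared after the directory is populated so the build-time content is kept.
VOLUME /boundary/

# NOTE(review): no USER instruction is set, so docker-entrypoint.sh starts as
# root. su-exec and libcap are installed, presumably so the entrypoint can drop
# to the boundary user - confirm in docker-entrypoint.sh.
COPY .release/docker/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["server", "-config", "/boundary/config.hcl"]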
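# Production docker image
# Remember, this cannot be built locally
# NOTE(review): alpine:3.13 is past upstream end of support, so it no longer
# receives security fixes; bump the tag (and ideally pin it by digest) once a
# newer one is confirmed to be available on the mirror.
FROM docker.mirror.hashicorp.services/alpine:3.13 AS default

# File name of the prebuilt binary under dist/<os>/<arch>/ in the build context.
ARG BIN_NAME
# NAME and PRODUCT_VERSION are the name of the software in releases.hashicorp.com
# and the version to download. Example: NAME=boundary PRODUCT_VERSION=1.2.3.
ARG NAME=boundary
ARG PRODUCT_VERSION
# TARGETARCH and TARGETOS are set automatically when --platform is provided.
ARG TARGETOS TARGETARCH

LABEL name="Boundary" \
      maintainer="HashiCorp Boundary Team <boundary@hashicorp.com>" \
      vendor="HashiCorp" \
      version=$PRODUCT_VERSION \
      release=$PRODUCT_VERSION \
      summary="Boundary provides simple and secure access to hosts and services" \
      description="The Boundary Docker image is designed to enable practitioners to run Boundary in server mode on a container scheduler"

# Set ARGs as ENV so that they can be used in ENTRYPOINT/CMD
ENV NAME=$NAME
ENV VERSION=$PRODUCT_VERSION

# Create a non-root user to run the software.
RUN addgroup "${NAME}" && adduser -s /bin/sh -S -G "${NAME}" "${NAME}"

# NOTE(review): this stage copies a prebuilt binary and downloads nothing, so
# wget and gnupg may not be needed at runtime; confirm against
# docker-entrypoint.sh before trimming the package list.
RUN apk add --no-cache wget ca-certificates dumb-init gnupg libcap openssl su-exec iputils libc6-compat iptables

# COPY creates /boundary/ for the config; the binary comes from the
# per-platform dist/ directory of the build context.
COPY .release/docker/config.hcl /boundary/config.hcl
COPY dist/$TARGETOS/$TARGETARCH/$BIN_NAME /bin/

# Hand the config directory to the service account in a single layer.
# The glob means mode 640 is applied to the entries inside /boundary/,
# not to the directory itself.
RUN chown -R "${NAME}:${NAME}" /boundary && \
    chmod -R 640 /boundary/*

EXPOSE 9200 9201 9202

# Declared after the directory is populated so the build-time content is kept.
VOLUME /boundary/

# NOTE(review): no USER instruction is set, so docker-entrypoint.sh starts as
# root. su-exec and libcap are installed, presumably so the entrypoint can drop
# to the ${NAME} user - confirm in docker-entrypoint.sh.
COPY .release/docker/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["server", "-config", "/boundary/config.hcl"]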