From b891278e580388ed5708e40d84dd5f58d14b3b91 Mon Sep 17 00:00:00 2001
From: fix
Date: Tue, 27 Apr 2021 09:50:26 +0200
Subject: [PATCH] init
---
Dockerfile | 69 +++------------------------------------------
docker-compose.yaml | 12 ++++----
env.example | 5 ++++
vault.hcl | 13 +++++++++
4 files changed, 27 insertions(+), 72 deletions(-)
create mode 100644 env.example
create mode 100644 vault.hcl
diff --git a/Dockerfile b/Dockerfile
index 86568b8..691ccc2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,68 +1,7 @@ -FROM archlinux as build - -RUN pacman -Syu --noconfirm \ - base-devel \ - git \ - go \ - nodejs-lts-erbium \ - npm \ - sudo \ - yarn +FROM alpine:3 RUN \ - echo -e 'root ALL=(ALL) ALL\n%wheel ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers && \ - useradd -m -U -G wheel builduser - -USER builduser - -RUN \ - cd && \ - export GOROOT=/usr/lib/go && \ - export GOPATH=${HOME}/go && \ - export PATH=${PATH}:${GOROOT}/bin:${GOPATH}/bin && \ - git config --global advice.detachedHead false && \ - git clone https://aur.archlinux.org/yay-git.git && \ - cd yay-git && \ - makepkg --syncdeps --install --noconfirm && \ - yay -S --noconfirm \ - nodejs-ember-cli - -ARG VAULT_VERSION= -ARG VAULT_REPO -ARG BUILD_PATH=vault - -RUN --mount=type=tmpfs,target=/home/builduser/go/src/ \ - echo "selected repo: ${VAULT_REPO}" && \ - if [ -z "${VAULT_VERSION}" ]; then \ - VAULT_VERSION=$( \ - git ls-remote "${VAULT_REPO}" | \ - awk '$2 ~ /^refs\/tags\/v[0-9]+\.[0-9]+\.[0-9]+$/ { print substr($2,11) }' | sort -V | tail -n1 \ - ) ; \ - fi && \ - echo "selected vault branch: ${VAULT_VERSION}" && \ - BUILD_PATH=$(echo "${VAULT_REPO}" | sed -E 's/^.*\/\/(.*)\.git/\1/') && \ - BUILD_PATH="${GOPATH}/src/${BUILD_PATH}" && \ - git clone \ - --branch="${VAULT_VERSION}" \ - --depth=1 \ - "${VAULT_REPO}" \ - "${BUILD_PATH}" && \ - cd "${BUILD_PATH}" && \ - make static-dist dev-ui && \ - cp /go/bin/vault /vault - -FROM alpine:3 as runtime - -RUN addgroup vault && \ - adduser -S -G vault vault - -RUN \ - mkdir -p \ - /vault/file \ - /vault/config && \ - chown -R vault:vault /vault - -COPY --from=build /vault /bin/vault - -ENTRYPOINT /bin/vault server -config /vault/config + apk update --no-cache && + apk add --no-cache vault +CMD vault server -config=/
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 4dfc054..e4a8821 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
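Review bot: The new `RUN` in the Dockerfile hunk does not parse as intended: `apk update --no-cache &&` has no trailing `\`, so the instruction ends on a dangling `&&` and `apk add --no-cache vault` is read as a separate, unknown Dockerfile instruction. `apk update` is redundant next to `--no-cache`, so a single `RUN apk add --no-cache vault` is enough. There is also no `USER` instruction on the new side, so the server starts as root unless the runtime overrides it. The shell-form `CMD` passes `-config=/`, the filesystem root, while docker-compose.yaml in this commit uses `/etc/vault.hcl`. I would finish the file with `USER vault` (after confirming the Alpine package creates that account) and `CMD ["vault", "server", "-config=/etc/vault.hcl"]`.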
@@ -2,19 +2,17 @@ version: '3' services: vault: - build: - args: - VAULT_REPO: ${VAULT_REPO} - VAULT_VERSION: ${VAULT_VERSION} - context: ./ + command: vault server -config /etc/vault.hcl container_name: vault - image: vault:local + image: vault:${VAULT_VERSION} logging: driver: journald options: tag: vault - restart: never # TODO + restart: unless-stopped ports: - ${API_IP}:${API_PORT}:8200 - ${CLUSTER_IP}:${CLUSTER_PORT}:8201 + volumes: + - ./vault.hcl:/etc/vault.hcl:ro
diff --git a/env.example b/env.example
new file mode 100644
index 0000000..332d42b
--- /dev/null
+++ b/env.example
@@ -0,0 +1,5 @@
+API_IP="127.0.0.1"
+API_PORT=8200
+CLUSTER_IP="127.0.0.1"
+CLUSTER_PORT=8201
+VAULT_VERSION="1.7.0"
diff --git a/vault.hcl b/vault.hcl
new file mode 100644
index 0000000..2d8e190
--- /dev/null
+++ b/vault.hcl
@@ -0,0 +1,13 @@
+storage "postgresql" {
+ connection_url = "postgresql://vault:vault@10.250.250.22:5432/vault?sslmode=disable"
+}
+
+listener "tcp" {
+ address = "0.0.0.0:8200"
+ tls_disable = "true"
+}
+
+disable_mlock = true
+ui = true
+log_level = "info"
+
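Review bot: `image: vault:${VAULT_VERSION}` in the docker-compose.yaml hunk pulls a prebuilt image by a mutable tag, so what runs as the secrets store depends on whatever the registry serves for that tag at pull time. Adding the digest, e.g. `image: vault:${VAULT_VERSION}@sha256:<digest-placeholder>`, makes the deployment reproducible and makes a swapped image detectable. With the `build:` section removed, nothing in this file references the rewritten Dockerfile, so it should be deleted or its purpose documented. The published ports rely on `API_IP` and `CLUSTER_IP` being set; an empty value may widen the bind address, so `${API_IP:?API_IP must be set}` is a safer form given that the listener in vault.hcl has TLS disabled.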
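Review bot: `connection_url` in the vault.hcl hunk commits the database password (`vault:vault`) to the repository and sets `sslmode=disable` for a connection to another host, so the credential travels in clear text and the PostgreSQL server is never authenticated. Vault can read the URL from the `VAULT_PG_CONNECTION_URL` environment variable instead, which keeps it out of the tracked file, and `sslmode=verify-full` authenticates the server. The listener sets `tls_disable = "true"` on `0.0.0.0:8200`, so tokens and secrets are sent unencrypted to whatever address the compose file publishes; `tls_cert_file` and `tls_key_file` close that gap. `disable_mlock = true` also allows key material to be swapped to disk unless the host has swap disabled or encrypted.

```hcl
storage "postgresql" {
  # connection_url comes from VAULT_PG_CONNECTION_URL, set outside the repo
  # (use sslmode=verify-full in that URL)
}

listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_cert_file = "/etc/vault/tls/PLACEHOLDER.crt" # placeholder path
  tls_key_file  = "/etc/vault/tls/PLACEHOLDER.key" # placeholder path
}
# … unchanged: disable_mlock, ui, log_level …
```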