mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-14 10:37:00 +02:00
Code Issues Projects Releases Wiki Activity
fa03adb718
vault/scripts/docker/Dockerfile.ui
Nick Cabatoff 69f874be1f
Move to go 1.17 (#12868) 
Also ensure that the go 1.17 breaking changes to net.ParseCIDR don't make us choke on stored CIDRs that were acceptable to older Go versions.
2021-10-21 09:32:03 -04:00

91 lines
3.2 KiB
XML
Raw Blame History

# Multi-stage builder to avoid polluting users environment with wrong
# architecture binaries. Since this binary is used in an alpine container,
# we're explicitly compiling for 'linux/amd64'
FROM debian:buster AS builder
ARG VERSION=1.17.2
ARG CGO_ENABLED=0
ARG BUILD_TAGS
ENV JOBS=2
RUN apt-get update -y && apt-get install --no-install-recommends -y -q \
curl \
zip \
build-essential \
gcc-multilib \
g++-multilib \
ca-certificates \
git mercurial bzr \
gnupg \
libltdl-dev \
libltdl7
RUN curl -sL https://deb.nodesource.com/setup_14.x | bash -
RUN curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
RUN apt-get update -y && apt-get install -y -q nodejs yarn
RUN rm -rf /var/lib/apt/lists/*
RUN mkdir /goroot && mkdir /go
RUN curl https://storage.googleapis.com/golang/go${VERSION}.linux-amd64.tar.gz \
| tar xvzf - -C /goroot --strip-components=1
ENV GOPATH /go
ENV GOROOT /goroot
ENV PATH $GOROOT/bin:$GOPATH/bin:$PATH
WORKDIR /go/src/github.com/hashicorp/vault
COPY . .
RUN make bootstrap static-dist \
&& CGO_ENABLED=$CGO_ENABLED BUILD_TAGS="${BUILD_TAGS} ui" VAULT_DEV_BUILD=1 XC_OSARCH='linux/amd64' sh -c "'./scripts/build.sh'"
# Docker Image
FROM alpine:3.13
# Create a vault user and group first so the IDs get set the same way,
# even as the rest of this may change over time.
RUN addgroup vault && \
adduser -S -G vault vault
# Set up certificates, our base tools, and Vault.
RUN set -eux; \
apk add --no-cache ca-certificates libcap su-exec dumb-init tzdata
COPY --from=builder /go/bin/vault /bin/vault
# /vault/logs is made available to use as a location to store audit logs, if
# desired; /vault/file is made available to use as a location with the file
# storage backend, if desired; the server will be started with /vault/config as
# the configuration directory so you can add additional config files in that
# location.
RUN mkdir -p /vault/logs && \
mkdir -p /vault/file && \
mkdir -p /vault/config && \
chown -R vault:vault /vault
# Expose the logs directory as a volume since there's potentially long-running
# state in there
VOLUME /vault/logs
# Expose the file directory as a volume since there's potentially long-running
# state in there
VOLUME /vault/file
# 8200/tcp is the primary interface that applications use to interact with
# Vault.
EXPOSE 8200
# The entry point script uses dumb-init as the top-level process to reap any
# zombie processes created by Vault sub-processes.
#
# For production derivatives of this container, you should add the IPC_LOCK
# capability so that Vault can mlock memory.
COPY ./scripts/docker/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
ENTRYPOINT ["docker-entrypoint.sh"]
# By default you'll get a single-node development server that stores everything
# in RAM and bootstraps itself. Don't use this configuration for production.
CMD ["server", "-dev"]
Reference in New Issue View Git Blame Copy Permalink