sinjuginas/oauth2-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
oauth2-proxy/Dockerfile.armv6

34 lines
1.2 KiB
Docker
Raw Normal View History

docker: build from debian buster
2019-10-07 17:03:15 -07:00
FROM golang:1.13-buster AS builder
feat(arm): Cross build arm and arm64 docker images - Requires `qemu-user-static`, added to travis - maybe incorrect? - Add build guide - `.gitignore` `release/` directory
2019-02-02 12:08:19 +13:00
# Download tools
Switch linter to golangci-lint
2019-06-23 20:40:59 +01:00
RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.17.1
feat(arm): Cross build arm and arm64 docker images - Requires `qemu-user-static`, added to travis - maybe incorrect? - Add build guide - `.gitignore` `release/` directory
2019-02-02 12:08:19 +13:00
# Copy sources
WORKDIR $GOPATH/src/github.com/pusher/oauth2_proxy
# Fetch dependencies
Merge branch 'master' into go-mod * master: Move docker dep commands to earlier in the build
2019-07-15 21:38:55 +01:00
COPY go.mod go.sum ./
Ensure gomodules are used when downloading
2019-07-15 21:49:38 +01:00
RUN GO111MODULE=on go mod download
feat(arm): Cross build arm and arm64 docker images - Requires `qemu-user-static`, added to travis - maybe incorrect? - Add build guide - `.gitignore` `release/` directory
2019-02-02 12:08:19 +13:00
Move docker dep commands to earlier in the build This will let Docker cache the results of the vendor dependencies. Making re-builds during testing faster. Also clean-up spurious test & rm in ./configure
2019-07-11 17:18:07 -05:00
# Now pull in our code
COPY . .
added jwt-key-file option, update docs
2019-03-20 15:15:47 -07:00
# Build binary and make sure there is at least an empty key file.
# This is useful for GCP App Engine custom runtime builds, because
# you cannot use multiline variables in their app.yaml, so you have to
# build the key into the container and then tell it where it is
# by setting OAUTH2_PROXY_JWT_KEY_FILE=/etc/ssl/private/jwt_signing_key.pem
# in app.yaml instead.
RUN ./configure && GOARCH=arm GOARM=6 make build && touch jwt_signing_key.pem
feat(arm): Cross build arm and arm64 docker images - Requires `qemu-user-static`, added to travis - maybe incorrect? - Add build guide - `.gitignore` `release/` directory
2019-02-02 12:08:19 +13:00
# Copy binary to alpine
Update to Alpine 3.10
2019-07-13 22:14:05 +01:00
FROM arm32v6/alpine:3.10
Add nsswitch.conf to Docker image (#400) * Add nsswitch.conf to Docker image Created nsswitch.conf to use locally defined translations before DNS. Copied to /etc/nsswitch.conf in the image. * Add new line * Updated Changelog Co-authored-by: Dan Bond <danbond@protonmail.com>
2020-02-23 18:16:18 +00:00
COPY nsswitch.conf /etc/nsswitch.conf
fix(docker): simplify build by copying ca-certificates.crt
2019-02-02 14:20:20 +13:00
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
feat(arm): Cross build arm and arm64 docker images - Requires `qemu-user-static`, added to travis - maybe incorrect? - Add build guide - `.gitignore` `release/` directory
2019-02-02 12:08:19 +13:00
COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/oauth2_proxy /bin/oauth2_proxy
added jwt-key-file option, update docs
2019-03-20 15:15:47 -07:00
COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem
feat(arm): Cross build arm and arm64 docker images - Requires `qemu-user-static`, added to travis - maybe incorrect? - Add build guide - `.gitignore` `release/` directory
2019-02-02 12:08:19 +13:00
fix Docker user on arm Use simple USER directive. Using `addgroup` in final `arm` image when building on amd64 doesn't work. I must have made a mistake during cross build verification. Alternative is to use qemu-static but it's not worth it for this.
2019-05-03 18:38:03 +12:00
USER 2000:2000
Potentially breaking change: docker user & group Run as non-root user and group In the unlikely event that you are currently persisting data to disk then this change may break file read/write access due to a change in the UID/GID that the oauth2_proxy process runs as. Run as non-root system user and group `oauth2proxy` with UID/GID `2000` to avoid clashing with typical local users. An alternative to creating a separate user is to ~~chown binary and~~ run as `USER nobody`, which also works, can amend this PR if required. Least access privileges. Close: https://github.com/pusher/oauth2_proxy/issues/78 Locally with Docker (`-version`): ``` $ ps aux | grep oauth2 2000 25192 6.0 0.0 0 0 ? Ds 15:53 0:00 [oauth2_proxy] ``` Running in Kubernetes 1.13 with the following also specified: ``` securityContext: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 10001 ``` ``` $ kubectl exec -it -n oauth2-proxy oauth2-proxy-85c9f58ffc-dz9lr sh /opt $ whoami whoami: unknown uid 10001 /opt $ ps aux PID USER TIME COMMAND 1 10001 0:00 /opt/oauth2_proxy --whitelist-domain=.example.com --cookie-domain=example.com --email-domain=example.com --upstream=file:///dev/null --http-address=0.0.0.0:4180 11 10001 0:00 sh 17 10001 0:00 ps aux ``` <!--- Go over all the following points, and put an `x` in all the boxes that apply. --> <!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! --> - [x] My change requires a change to the documentation or CHANGELOG. - [x] I have updated the documentation/CHANGELOG accordingly. - [x] I have created a feature (non-master) branch for my PR.
2019-03-05 21:26:49 +13:00
feat(arm): Cross build arm and arm64 docker images - Requires `qemu-user-static`, added to travis - maybe incorrect? - Add build guide - `.gitignore` `release/` directory
2019-02-02 12:08:19 +13:00
ENTRYPOINT ["/bin/oauth2_proxy"]
Reference in New Issue Copy Permalink