infra/containers/openbao/Containerfile

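# Stage 1: build the OpenBao web UI bundle with Node.js.
# NOTE(review): node:22 is a floating tag; pin it by digest
# (node:22@sha256:<digest>) if the build has to be reproducible.
FROM node:22 AS web-build

# Optional supply-chain check. A Git tag can be re-pointed upstream, so cloning
# by tag alone does not fix which source gets built. Pass the full commit hash
# you expect, e.g. --build-arg OPENBAO_COMMIT=<full-commit-sha>, to make the
# build fail when the tag resolves to anything else. Left empty (the default),
# no check is made and the build behaves as before.
ARG OPENBAO_COMMIT=""

# Fetch the v2.0.0 sources and, when OPENBAO_COMMIT is set, verify HEAD.
RUN git clone -b v2.0.0 https://github.com/openbao/openbao /usr/src/openbao \
    && if [ -n "${OPENBAO_COMMIT}" ]; then \
         actual="$(git -C /usr/src/openbao rev-parse HEAD)"; \
         if [ "${actual}" != "${OPENBAO_COMMIT}" ]; then \
           echo "openbao checkout is at ${actual}, expected ${OPENBAO_COMMIT}" >&2; \
           exit 1; \
         fi; \
       fi
WORKDIR /usr/src/openbao

# Build the Ember UI; the Go build stage copies http/web_ui out of this stage.
RUN make ember-dist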
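# Stage 2: compile the bao binary with the Go toolchain.
# NOTE(review): golang:1.23 is a floating tag; pin it by digest
# (golang:1.23@sha256:<digest>) if the build has to be reproducible.
FROM golang:1.23 AS build

# Optional supply-chain check. This stage clones the sources a second time
# rather than reusing the web-build checkout, and a Git tag can be re-pointed
# upstream, so the two clones are only guaranteed to match when the commit is
# verified. Pass --build-arg OPENBAO_COMMIT=<full-commit-sha> to fail the build
# if the tag resolves to a different commit. Left empty (the default), no check
# is made and the build behaves as before.
ARG OPENBAO_COMMIT=""

# Fetch the v2.0.0 sources and, when OPENBAO_COMMIT is set, verify HEAD.
RUN git clone -b v2.0.0 https://github.com/openbao/openbao /usr/src/openbao \
    && if [ -n "${OPENBAO_COMMIT}" ]; then \
         actual="$(git -C /usr/src/openbao rev-parse HEAD)"; \
         if [ "${actual}" != "${OPENBAO_COMMIT}" ]; then \
           echo "openbao checkout is at ${actual}, expected ${OPENBAO_COMMIT}" >&2; \
           exit 1; \
         fi; \
       fi
WORKDIR /usr/src/openbao

# Bring in the UI bundle produced by the web-build stage so that it is present
# in the tree when the binary is built.
COPY --from=web-build /usr/src/openbao/http/web_ui /usr/src/openbao/http/web_ui

# NOTE(review): presumably installs the project's build tooling; confirm
# against the upstream Makefile.
RUN make bootstrap

# Produces bin/bao, which the final stage copies to /bin/bao.
RUN make bin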
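# Final image based on openbao Dockerfile
# NOTE(review): alpine:3.20 is a floating tag; pin it by digest
# (alpine:3.20@sha256:<digest>) if the image has to be reproducible.
FROM alpine:3.20

# Name used for both the service account and its group.
# NOTE(review): the upstream entrypoint script may refer to this account by a
# fixed name; confirm before overriding NAME at build time.
ARG NAME=openbao

# Create a non-root user to run the software.
# NOTE(review): no USER instruction is set, so the entrypoint itself starts as
# root. su-exec is installed below, presumably so that docker-entrypoint.sh can
# drop to this account before launching bao; confirm against the script.
RUN addgroup "${NAME}" && adduser -S -G "${NAME}" "${NAME}"

# Runtime helpers. Package versions are not pinned, so each rebuild picks up
# whatever the alpine 3.20 repositories currently serve.
RUN apk add --no-cache libcap su-exec dumb-init tzdata

COPY --from=build /usr/src/openbao/bin/bao /bin/bao

# /openbao/logs is made available to use as a location to store audit logs, if
# desired; /openbao/file is made available to use as a location with the file
# storage backend, if desired; the server will be started with /openbao/config
# as the configuration directory so you can add additional config files in that
# location.
RUN mkdir -p /openbao/logs /openbao/file /openbao/config \
    && chown -R "${NAME}:${NAME}" /openbao

# Expose the logs directory as a volume since there's potentially long-running
# state in there
VOLUME /openbao/logs

# Expose the file directory as a volume since there's potentially long-running
# state in there
VOLUME /openbao/file

# 8200/tcp is the primary interface that applications use to interact with
# OpenBao.
EXPOSE 8200

# The entry point script uses dumb-init as the top-level process to reap any
# zombie processes created by OpenBao sub-processes.
COPY --from=build /usr/src/openbao/.release/docker/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
ENTRYPOINT ["docker-entrypoint.sh"]

# By default you'll get a single-node development server that stores everything
# in RAM and bootstraps itself. Don't use this configuration for production:
# a dev server starts already unsealed, serves plain HTTP and writes its root
# token to the container log, so anyone who can reach port 8200 or read the
# logs can obtain full access. For a real deployment, override the command and
# supply a server configuration under /openbao/config.
CMD ["server", "-dev"]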