From 6ffc438ed185c419b8183dede81329673184c6fb Mon Sep 17 00:00:00 2001
From: Carl Tashian
Date: Wed, 2 Sep 2020 09:30:45 -0700
Subject: [PATCH] Update Dockerfile.step-ca to match best practices
- See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
- Added a .dockerignore file to reduce the build context size
- Added a HEALTHCHECK (curl the CA)
---
 .dockerignore | 7 +++++++
 docker/Dockerfile.step-ca | 19 +++++++++++--------
 2 files changed, 18 insertions(+), 8 deletions(-)
 create mode 100644 .dockerignore
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 00000000..5b671c40
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,7 @@
+README.md
+.gitignore
+bin
+coverage.txt
+*.test
+*.out
+.travis-releases
diff --git a/docker/Dockerfile.step-ca b/docker/Dockerfile.step-ca
index 5d8fdacd..6e902b68 100644
--- a/docker/Dockerfile.step-ca
+++ b/docker/Dockerfile.step-ca
@@ -1,24 +1,27 @@
 FROM golang:alpine AS builder
-RUN mkdir /src
-ADD . /src
+WORKDIR /src
+COPY . .
-RUN apk add --no-cache make git curl && \
- cd /src && \
- make V=1 bin/step-ca
+RUN apk add --no-cache \
+ curl \
+ git \
+ make && \
+ make V=1 bin/step-ca
 FROM smallstep/step-cli:latest
 COPY --from=builder /src/bin/step-ca /usr/local/bin/step-ca
-ENV CONFIGPATH="/home/step/config/ca.json"
-ENV PWDPATH="/home/step/secrets/password"
-
 USER root
 RUN apk add --no-cache libcap && setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/step-ca
 USER step
+ENV CONFIGPATH="/home/step/config/ca.json"
+ENV PWDPATH="/home/step/secrets/password"
+
 VOLUME ["/home/step"]
 STOPSIGNAL SIGTERM
+HEALTHCHECK CMD curl --cacert /home/step/certs/root_ca.crt -sSf https://localhost/health >/dev/null || exit 1
 CMD exec /bin/sh -c "/usr/local/bin/step-ca --password-file $PWDPATH $CONFIGPATH"
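Review bot: The added `HEALTHCHECK` runs `curl` in the final stage, but the only curl install visible in this hunk is in the `builder` stage; unless `smallstep/step-cli:latest` already ships curl (not shown here), every probe fails and the CA container is reported unhealthy. The probe also hard-codes `https://localhost/health` on port 443 and `/home/step/certs/root_ca.crt`, while the listen address comes from whatever `$CONFIGPATH` points at, so a CA configured on another port or with a different cert layout would be flagged unhealthy as well. I would install the probe tool next to libcap, `RUN apk add --no-cache curl libcap && setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/step-ca`, give the check explicit `--interval`/`--timeout` values, and add a comment such as `# assumes the CA listens on :443 and the root cert is at /home/step/certs/root_ca.crt`. Separately, both `FROM` lines still use floating tags (`golang:alpine`, `:latest`), so the build inputs of the CA image remain unpinned despite the best-practices pass.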