Update Dockerfile.step-ca to match best practices

- See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
- Added a .dockerignore file to reduce the build context size
- Added a HEALTHCHECK (curl the CA)
This commit is contained in:
Carl Tashian 2020-09-02 09:30:45 -07:00
parent 8ee246edda
commit 6ffc438ed1
2 changed files with 18 additions and 8 deletions

7
.dockerignore Normal file
View file

@ -0,0 +1,7 @@
README.md
.gitignore
bin
coverage.txt
*.test
*.out
.travis-releases

View file

@ -1,24 +1,27 @@
FROM golang:alpine AS builder
RUN mkdir /src
ADD . /src
WORKDIR /src
COPY . .
RUN apk add --no-cache make git curl && \
cd /src && \
make V=1 bin/step-ca
RUN apk add --no-cache \
curl \
git \
make && \
make V=1 bin/step-ca
FROM smallstep/step-cli:latest
COPY --from=builder /src/bin/step-ca /usr/local/bin/step-ca
ENV CONFIGPATH="/home/step/config/ca.json"
ENV PWDPATH="/home/step/secrets/password"
USER root
RUN apk add --no-cache libcap && setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/step-ca
USER step
ENV CONFIGPATH="/home/step/config/ca.json"
ENV PWDPATH="/home/step/secrets/password"
VOLUME ["/home/step"]
STOPSIGNAL SIGTERM
HEALTHCHECK CMD curl --cacert /home/step/certs/root_ca.crt -sSf https://localhost/health >/dev/null || exit 1
CMD exec /bin/sh -c "/usr/local/bin/step-ca --password-file $PWDPATH $CONFIGPATH"