Manually install vault as its removed from alpine 3.19
parent
c0705dd940
commit
9a5faed3d9
|
@ -45,7 +45,7 @@ job "acme-to-vault" {
|
|||
user = 8787
|
||||
|
||||
config {
|
||||
image = "danielberteaud/acme-to-vault:23.12-1"
|
||||
image = "danielberteaud/acme-to-vault:24.1-1"
|
||||
readonly_rootfs = true
|
||||
pids_limit = 20
|
||||
|
||||
|
|
|
@ -1,6 +1,22 @@
|
|||
FROM danielberteaud/alpine:24.1-1
|
||||
FROM danielberteaud/alpine:24.1-2 AS vault
|
||||
|
||||
ARG VAULT_VERSION=1.15.4
|
||||
|
||||
RUN set -euxo pipefail &&\
|
||||
apk --no-cache add \
|
||||
curl \
|
||||
ca-certificates \
|
||||
&&\
|
||||
cd /tmp &&\
|
||||
curl -sSLO https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip &&\
|
||||
unzip -d /usr/local/bin vault_${VAULT_VERSION}_linux_amd64.zip &&\
|
||||
rm vault_${VAULT_VERSION}_linux_amd64.zip
|
||||
|
||||
FROM danielberteaud/alpine:24.1-2
|
||||
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
|
||||
|
||||
ARG VAULT_VERSION=1.15.4
|
||||
|
||||
ENV ACME_HTTP_PORT=8787 \
|
||||
ACME_0_CHALLENGE=http-01 \
|
||||
ACME_0_DNS_PROVIDER=gandiv5 \
|
||||
|
@ -10,6 +26,7 @@ ENV ACME_HTTP_PORT=8787 \
|
|||
ACME_0_KV_ACCOUNT_ROOT=kv/service/acme-to-vault/account \
|
||||
VAULT_ADDR=https://vault.service.example.org:8200
|
||||
|
||||
COPY --from=vault /usr/local/bin/vault /usr/local/bin/vault
|
||||
RUN set -eu &&\
|
||||
apk --no-cache upgrade &&\
|
||||
apk --no-cache add \
|
||||
|
@ -18,16 +35,13 @@ RUN set -eu &&\
|
|||
ca-certificates \
|
||||
tini \
|
||||
lego \
|
||||
vault \
|
||||
jq \
|
||||
supercronic \
|
||||
libcap-utils \
|
||||
&&\
|
||||
mkdir -p /data &&\
|
||||
# Use very open permissions so we can easily mount a tmpfs over /data \
|
||||
# A /data/acme subdir will be created with restricted permissions anyway \
|
||||
chmod 777 /data &&\
|
||||
setcap -r /usr/sbin/vault
|
||||
chmod 777 /data
|
||||
|
||||
COPY root/ /
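Review bot: The Vault archive downloaded in the new `vault` stage is unpacked without any integrity check, so the build trusts whatever that URL returns at build time, and the result is copied into the final image by `COPY --from=vault`. `curl -sSLO` also lacks `-f`, so an HTTP error body would be saved under the zip's name and only caught when `unzip` fails. HashiCorp publishes a `vault_${VAULT_VERSION}_SHA256SUMS` file next to each release; checking the zip against it before `unzip`, as below, catches truncated or mismatched downloads. Pinning the expected digest in the Dockerfile, or verifying the `.sig` over the sums file, would additionally cover a tampered release host. The same lines appear in the templated Dockerfile section further down the page and need the same change.

```dockerfile
# … unchanged: FROM … AS vault, ARG VAULT_VERSION, apk add curl ca-certificates …
    cd /tmp &&\
    curl -fsSLO https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip &&\
    curl -fsSLO https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_SHA256SUMS &&\
    grep "vault_${VAULT_VERSION}_linux_amd64.zip" vault_${VAULT_VERSION}_SHA256SUMS | sha256sum -c - &&\
# … unchanged: unzip into /usr/local/bin …
    rm vault_${VAULT_VERSION}_linux_amd64.zip vault_${VAULT_VERSION}_SHA256SUMS
```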
|
||||
|
||||
|
|
|
@ -1,6 +1,22 @@
|
|||
FROM [[ .docker.repo ]][[ .docker.base_images.alpine.image ]] AS vault
|
||||
|
||||
ARG VAULT_VERSION=1.15.4
|
||||
|
||||
RUN set -euxo pipefail &&\
|
||||
apk --no-cache add \
|
||||
curl \
|
||||
ca-certificates \
|
||||
&&\
|
||||
cd /tmp &&\
|
||||
curl -sSLO https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip &&\
|
||||
unzip -d /usr/local/bin vault_${VAULT_VERSION}_linux_amd64.zip &&\
|
||||
rm vault_${VAULT_VERSION}_linux_amd64.zip
|
||||
|
||||
FROM [[ .docker.repo ]][[ .docker.base_images.alpine.image ]]
|
||||
MAINTAINER [[ .docker.maintainer ]]
|
||||
|
||||
ARG VAULT_VERSION=1.15.4
|
||||
|
||||
ENV ACME_HTTP_PORT=8787 \
|
||||
ACME_0_CHALLENGE=http-01 \
|
||||
ACME_0_DNS_PROVIDER=gandiv5 \
|
||||
|
@ -10,6 +26,7 @@ ENV ACME_HTTP_PORT=8787 \
|
|||
ACME_0_KV_ACCOUNT_ROOT=kv/service/acme-to-vault/account \
|
||||
VAULT_ADDR=https://vault.service.example.org:8200
|
||||
|
||||
COPY --from=vault /usr/local/bin/vault /usr/local/bin/vault
|
||||
RUN set -eu &&\
|
||||
apk --no-cache upgrade &&\
|
||||
apk --no-cache add \
|
||||
|
@ -18,16 +35,13 @@ RUN set -eu &&\
|
|||
ca-certificates \
|
||||
tini \
|
||||
lego \
|
||||
vault \
|
||||
jq \
|
||||
supercronic \
|
||||
libcap-utils \
|
||||
&&\
|
||||
mkdir -p /data &&\
|
||||
# Use very open permissions so we can easily mount a tmpfs over /data \
|
||||
# A /data/acme subdir will be created with restricted permissions anyway \
|
||||
chmod 777 /data &&\
|
||||
setcap -r /usr/sbin/vault
|
||||
chmod 777 /data
|
||||
|
||||
COPY root/ /
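Review bot: `ARG VAULT_VERSION=1.15.4` is declared a second time in the final stage, but none of the visible lines of that stage read it, since the binary arrives through `COPY --from=vault`. The final stage continues outside the hunks, so this is worth confirming. If it is unused, drop it; if it is needed, declare the default once before the first `FROM` and redeclare it bare (`ARG VAULT_VERSION`) in each stage so the two defaults cannot drift apart. The download URL also hard-codes `linux_amd64`, whereas the distribution package this commit replaces was presumably available per architecture; a comment such as `# amd64 only: the release archive name is architecture-specific` would make that constraint explicit. Both points apply equally to the non-templated Dockerfile section above.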
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@ instance: acme-to-vault
|
|||
|
||||
acme:
|
||||
# The Docker image to use
|
||||
image: '[[ .docker.repo ]]acme-to-vault:23.12-1'
|
||||
image: '[[ .docker.repo ]]acme-to-vault:24.1-1'
|
||||
|
||||
# If a cron expression is defined, the service will stay running and renew certs.
|
||||
# If an empty string, the container will exit after running once
|
||||
|
|