acme-to-vault/images/acme-to-vault/Dockerfile


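# Build stage: fetch the Vault release archive and unpack it so the final
# stage can copy /usr/local/bin/vault without keeping the archive or the
# download tooling layer.
FROM [[ .docker.repo ]][[ .docker.base_images.alpine.image ]] AS vault
ARG VAULT_VERSION=1.15.6
# -f makes curl fail on an HTTP error status instead of saving the error page
# under the archive's name.
# The archive is checked against the release's SHA256SUMS file before it is
# unpacked. That file comes from the same host as the archive, so the check
# catches truncation or corruption, not a tampered release host; to cover that
# case too, verify the SHA256SUMS signature against the publisher's signing key
# or pin the expected digest in this file.
# grep -F matches the file name literally (the dots in the version are not
# wildcards); with pipefail a missing entry fails the build.
RUN set -euxo pipefail && \
    apk --no-cache add \
        ca-certificates \
        curl \
    && \
    cd /tmp && \
    curl -fsSLO "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip" && \
    curl -fsSLO "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_SHA256SUMS" && \
    grep -F "  vault_${VAULT_VERSION}_linux_amd64.zip" "vault_${VAULT_VERSION}_SHA256SUMS" | sha256sum -c - && \
    unzip -d /usr/local/bin "vault_${VAULT_VERSION}_linux_amd64.zip" && \
    rm "vault_${VAULT_VERSION}_linux_amd64.zip" "vault_${VAULT_VERSION}_SHA256SUMS"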
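# Runtime stage: Alpine base plus the Vault binary from the "vault" stage and
# the ACME tooling (lego, openssl, jq, curl).
FROM [[ .docker.repo ]][[ .docker.base_images.alpine.image ]]
# MAINTAINER is deprecated; the OCI authors label carries the same information.
LABEL org.opencontainers.image.authors="[[ .docker.maintainer ]]"
# Not read by any instruction visible in this stage; the binary copied below is
# whatever the "vault" stage downloaded. Kept equal to that stage's default so
# the two declarations do not disagree.
ARG VAULT_VERSION=1.15.6
# Runtime defaults. ACME_0_CA points at the Let's Encrypt staging directory, so
# an unconfigured container does not request production certificates.
# No credentials are set here; tokens and API keys must be supplied at run
# time, never baked into the image.
ENV ACME_HTTP_PORT=8787 \
    ACME_0_CHALLENGE=http-01 \
    ACME_0_DNS_PROVIDER=gandiv5 \
    ACME_0_EMAIL=no-reply@example.org \
    ACME_0_CA=https://acme-staging-v02.api.letsencrypt.org/directory \
    ACME_0_KV_CERT_ROOT=kv/service/traefik/certs \
    ACME_0_KV_ACCOUNT_ROOT=kv/service/acme-to-vault/account \
    MINIT_MAIN_KIND=once \
    MINIT_MAIN_NAME=acme-to-vault \
    MINIT_MAIN=acme-to-vault.sh \
    VAULT_ADDR=https://vault.service.example.org:8200 \
    VAULT_DISABLE_MLOCK=true
COPY --from=vault /usr/local/bin/vault /usr/local/bin/vault
# /data stays writable by every UID so a tmpfs can be mounted over it, and a
# /data/acme subdirectory with restricted permissions is created at run time
# (per the original author's note). The sticky bit (1777, as on /tmp) is added
# so one user cannot rename or delete an entry owned by another, which a plain
# 777 directory allows.
# NOTE(review): "apk upgrade" makes the image contents depend on build time;
# bumping the base image is the reproducible alternative.
RUN set -eu && \
    apk --no-cache upgrade && \
    apk --no-cache add \
        ca-certificates \
        curl \
        jq \
        lego \
        openssl \
    && \
    mkdir -p /data && \
    chmod 1777 /data
# Overlays the repository's root/ tree onto the image filesystem.
# NOTE(review): /entrypoint.sh and acme-to-vault.sh presumably come from this
# tree - confirm their ownership and modes in the source tree.
COPY root/ /
EXPOSE ${ACME_HTTP_PORT}
# NOTE(review): tini and minit are not installed by the apk line above;
# presumably the base image or root/ provides them - confirm.
# NOTE(review): no USER is set, so the entrypoint starts as root unless the
# base image or the entrypoint script drops privileges - confirm.
ENTRYPOINT ["tini", "--", "/entrypoint.sh"]
CMD ["minit"]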